On August 7, 2024, the Personal Data Protection Service (PDPS) published a guide providing the minimum standards for selecting and training data protection officers (DPOs) under the Data Protection Act 2023.

What are the requirements for DPOs according to the guide?

The guide notes that the Data Protection Act 2023 requires DPOs to have competence in the field of data protection. In that regard, the PDPS notes that even though certifications are not mandatory, interested individuals can pursue international online certification courses.

Additionally, the guide provides that specific training and knowledge in the following areas are critical:

• purposes of the law;
• scope of the law;
• definitions in the law;
• principles of data processing;
• grounds for data processing;
• data subject rights;
• obligations of controllers and processors;
• international data transfers;
• main activities of the PDPS; and
• administrative offenses and liabilities.

The guide also lists the skills DPOs are expected to have based on the role's responsibilities and functions. The guide highlights that DPOs are expected to have integrity of character, a willingness to stay on top of developments in data protection, the ability to solve problems and effectively analyze risk, and to present effective communication skills.

The guide further provides clarifications on specific DPO tasks, such as assisting in:

• maintaining the data processing register;
• conducting Data Protection Impact Assessments (DPIAs);
• developing privacy notices; and
• managing incidents.

You can read the guide here and the press release, only available in Georgian, here.