
Government of Georgia
Resolution №180
July 19, 2013
Tbilisi

On the approval of the Regulation on the activities of the Personal Data Protection Inspector and the rule of exercising authority by him
Article 1
In accordance with Article 27, Paragraph 2 of the Law of Georgia on Personal Data Protection, the "Regulation on the Activities of the Personal Data Protection Inspector and the Rule of Exercising His/Her Authority" is approved.
Article 2
1. The Chancellery of the Government of Georgia shall fund the expenses required for the operation of the inspector and his staff from the appropriations allocated from the Reserve Fund of the Government of Georgia, before a change is made to the Law of Georgia on the State Budget of Georgia for 2013.
2. The Chancellery of the Government of Georgia shall provide the inspector and her apparatus with the necessary area and inventory for operation.
Article 3
The resolution shall enter into force upon its publication.
Prime Minister Bidzina Ivanishvili

Regulation on the activities of the Personal Data Protection Inspector and the rule of exercising authority by him
Chapter I
General regulations
Article 1. Purpose of the Regulation
This Regulation determines, in accordance with the Law of Georgia on Personal Data Protection, the rule of exercising authority by the Personal Data Protection Inspector (hereinafter - the Inspector) and the basic principles and forms of its activity.
Article 2. Definition of terms
The terms used in this Regulation are defined in accordance with the Law of Georgia on Personal Data Protection.
Article 3. Basic principles and tasks of the inspector
1. The inspector is an official who, based on the principles of objectivity, impartiality, equality before the law and legality, supervises compliance in Georgia with the legislation regulating the protection of personal data (hereinafter - the data) and exercises control over the legality of data processing.
2. The main tasks of the inspector are:

http://www.matsne.gov.ge

01010000010003017347

A) consulting public and private institutions (individuals) on data protection related issues;
B) review of data protection applications;
C) checking the legality of data processing in public and private institutions;
D) informing the public about the state of data protection in Georgia and about important related events.
Article 4. Independence of the Inspector
1. The inspector is independent in the exercise of his powers and is not subject to any other official or authority.
2. The inspector is guided by the Constitution of Georgia, international agreements, the Law of Georgia on Personal Data Protection, other normative acts and this Regulation.
3. Any influence on the inspector or interference in his activities is prohibited and punishable by law.
4. The inspector has the right not to testify due to the fact that he has been dismissed as an inspector.
This right is retained by him even after the termination of his authority.
Article 5. Office of the Inspector
1. The inspector exercises his rights and performs his duties through the inspector's office (hereinafter - the Office).
2. The Office is headed directly by the Inspector or by his/her Deputy Inspector, who is appointed and dismissed by the inspector.
3. Inspector:
A) approves the statute of the staff, which defines the structure of the staff and the terms and conditions of the distribution of powers between employees;
B) approves the staff list of the staff and the amount of labor remuneration of the employees;
C) appoints and dismisses the employees of the staff on the basis of a competition;
D) uses incentives and disciplinary measures against employees.
4. Article 4, Paragraph 4 of this Regulation shall apply to the staff of the Office.
Article 6. Financial and organizational support for the activities of the inspector and the staff
1. The activities of the inspector and the staff are financed from the state budget of Georgia.
2. The draft budget shall be submitted by the inspector in accordance with the rules established by law. The allocations necessary for the activities of the Inspector and the Office are defined in the state budget of Georgia under a separate code.
3. In addition to the funding received from the state budget, the inspector is authorized to receive grants to exercise the powers provided by law, in accordance with the rules established by law.
4. The inspector ensures the protection and targeted use of state property.


Chapter II


Rules for carrying out the activities of the inspector
Article 7. Obligation and authority of the inspector
1. The inspector is obliged to:
A) upon a relevant request, consult the state government and local self-government bodies of Georgia, other public institutions, private legal entities and individuals on any matter related to data processing and protection;
B) review data subject statements regarding data protection and processing and take the measures provided by the Law of Georgia on Personal Data Protection;
C) if in the course of the activity he/she considers that there are signs of a crime, inform the authorized state body in accordance with the rules established by the legislation.
2. The inspector is authorized to:
A) carry out a check (inspection) of the legality of data processing in public and private institutions;
B) inform the public about the state of data protection in Georgia and about important related events;
C) develop and submit to various public institutions proposals and conclusions to improve data processing legislation;
D) cooperate with other institutions, international organizations and the relevant institutions of other states on issues related to data protection;
E) request the correction of violations of normative acts regulating data processing and of data processing deficiencies, in the form and within the period specified by it;
F) give written advice and make recommendations to the data processor and the authorized person in the event of a minor breach of data processing rules by them;
G) request the termination of the transfer of data to another state and international organization, if their transfer is carried out in violation of the requirements of the Law of Georgia on Personal Data Protection;
H) request a temporary or permanent cessation of data processing if the measures and procedures taken by the data processor or an authorized person for data security comply with the requirements established by law;
I) request the termination of data processing, or the blocking, deletion, destruction or depersonalization of data, if it is believed that the data processing was carried out against the Law of Georgia on Personal Data Protection;
J) impose administrative liability on the data processor or authorized person in accordance with the rules established by law;
K) issue an individual administrative legal act, on the basis of the legislation, on matters within its competence;
L) apply to the court in cases provided by law;
M) exercise other powers provided by law.


Article 8. Consultations by the Inspector
1. The data processor and/or the authorized person defined by the Law of Georgia on Personal Data Protection are authorized to contact the inspector, orally and/or in writing (in written/electronic form), for consultation about data processing and protection.
2. The consultation provided by the inspector is of a recommendatory nature. The data processor and the authorized person process the data in accordance with the Law of Georgia on Personal Data Protection, independently and under their own responsibility.
Article 9. Form and registration of the application to be submitted to the inspector
1. The data subject and/or his/her authorized representative has the right, in case of violation of the rights provided by the Law of Georgia on Personal Data Protection, to apply to the inspector in writing or electronically.
2. The application must contain:
A) the identity, address and contact information of the data subject and/or his/her authorized representative;
B) the name, address, identification code and/or personal number of the data processor and/or authorized person who, in the opinion of the data subject and/or his/her authorized representative, violated his/her rights under the Law of Georgia on Personal Data Protection;
C) the request of the data subject and/or his/her authorized representative;
D) a description of the circumstances on which the request of the data subject and/or his/her authorized representative is based;
E) the date of submission of the application and the signature of the data subject and/or his/her authorized representative;
F) the list of documents attached to the application, if any.
3. The application or other document submitted by the data subject and/or his/her authorized representative must be drawn up in Georgian, and a document drawn up in a foreign language must be accompanied by a notary certified translation.
4. The Office of the Inspector is obliged to register the application on the day of receipt and send (transmit) proof of registration of the application to the data subject and/or his/her authorized representative.
5. If the application is submitted electronically, the inspector's office is obliged to enter the application in the electronic applications register and inform the data subject and/or his/her authorized representative about it electronically.
6. The form of an application submitted in electronic form and the procedure for its receipt and registration are determined by the inspector.
Article 10. Consideration of the application
1. Within 5 days after the registration of the application, the Office verifies the compliance of the submitted application with the requirements of the Law of Georgia on Personal Data Protection and this Regulation.
2. If necessary, the Office sets for the data subject and/or his/her authorized representative a reasonable time limit for the submission of additional information and/or the elimination of other defects related to the application, which should not be less than 3 days.
3. If the data subject and/or his/her authorized representative does not eliminate the deficiency within the deadline and/or does not submit the information provided for in paragraph 2 of this Article, the inspector has the right to leave the application unconsidered, about which the data subject and/or his/her authorized representative will be notified.
4. Within 10 days after receiving the application of the data subject and/or his/her authorized representative, the inspector makes a decision on the measures to be taken and notifies the data subject and/or his/her authorized representative of it.
5. The inspector, at any stage of the application review, is authorized to:
A) request the data subject and/or his/her authorized representative to provide the additional documentation and explanations necessary to make a decision;
B) in accordance with the rules established by law, request the information necessary for making a decision from any natural person or public and/or private legal entity, as well as from the international organizations operating in the territory to which the Law of Georgia on Personal Data Protection applies;
C) appoint and conduct an oral hearing of the application in accordance with the procedure established by Article 11 of this Regulation;
D) carry out the inspection of the data processor and/or authorized person in accordance with the Law of Georgia on Personal Data Protection and this Regulation;
E) conduct other measures provided by the Law of Georgia on Personal Data Protection and this Regulation.
6. The term for reviewing the application by the inspector should not exceed 2 months. By a reasoned decision, the inspector is authorized to extend the term of consideration of the application by not more than 1, of which the data subject and/or his/her authorized representative is informed.
Article 11. Rules for conducting an oral hearing by an inspector
1. The oral hearing shall be opened and chaired by the inspector or a person authorized by him.
The session is attended by the secretary of the session.
2. The oral hearing is closed. The chairperson of the session is authorized to declare the session open with the consent of all persons participating in the session.
3. The data subject and/or his/her authorized representative, the data processor and/or authorized person and, if necessary, by the decision of the chairperson of the meeting, other persons have the right to participate in the oral hearing.
4. The chairperson of the sitting is obliged to ensure that the circumstances important to the issue under consideration are investigated and to give the participants of the session the right to express their opinion regarding the issue under discussion.
5. The secretary of the session shall draw up a protocol, which shall indicate:
A) name, surname and content of the document certifying the authority, if the inspector will not see the application;
B) time and place of the hearing;
C) the identities of the persons participating in the session;
D) the subject of the oral hearing, a brief review of the submitted application;
E) a brief description of the opinions of the persons participating in the session.
6. The minutes of the sitting shall be signed by the chairperson and the secretary of the sitting.
7. The interested party has the right to get acquainted with the protocol and, within 3 days after getting acquainted with it, to submit notes indicating the presence of incorrect or incomplete information in it. The inspector or the person authorized by him, if he agrees with the remark, confirms its correctness, or makes a decision on the denial of the remark.
Article 12. Procedure for inspection of data processor and authorized person by the inspector
1. The inspector is authorized, on his own initiative or on the basis of the request of an interested person, to check any data processor and authorized person.
2. Inspection on its own initiative involves planned and unscheduled inspections of data processors and authorized persons.
3. The inspector annually identifies priority areas and plans the categories of data processors and authorized persons to be inspected, considering the volume and content of the data in the process of processing, the number of staff involved in the processing process, and other risks.
4. The basis of the inspector's decision on unscheduled inspection of data processors and authorized persons may be:
A) the number and/or content of the applications submitted to the inspector regarding a specific data processor and authorized person;
B) information received from the mass media or any other source;
C) the application of the interested person provided for in paragraph 1 of this Article.
5. Inspection by the inspector means:
A) establishing adherence to the principles of data processing and the existence of a legal basis for data processing;
B) checking the compliance of the procedures and the organizational and technical measures adopted for data protection with the requirements established by law;
C) checking the compliance of the file system catalog, the file system catalog registry and the accounting of data issuance with the requirements set by the data protection legislation;
D) checking the legality of the transfer of data to another state and international organization;
E) checking the implementation of the rules related to data protection established by law.
6. The inspector shall issue an individual administrative legal act on the inspection of the data processor and/or authorized person, which must contain:
A) the type of individual administrative legal act;
B) the title of the individual administrative legal act;
C) the name of the body issuing the individual administrative legal act;
D) the name and identification code/personal number of the data processor and/or authorized person;
E) the name, surname, position and number of the person authorized to carry out the inspection;
F) the basis, subject and term of the inspection;
G) the rights and responsibilities of the data processor and/or authorized person during the inspection;
H) an indication of the legal consequences of non-compliance with the legal requirements of the inspector and/or his/her authorized representative;
I) information on the right to appeal an individual administrative act in court, indicating the name of the court, the address and the deadline for appeal;
J) the registration number granted by the body issuing the individual administrative legal act;
K) time and place of issuance of an individual administrative legal act;
L) name, surname and signature of the inspector.
7. The inspector or a person authorized to carry out the inspection is required to submit the inspector's individual administrative legal act on carrying out the inspection to the data processor and/or authorized person at the beginning of the inspection, except for the exception provided for in paragraph 8 of the same article.
8. The inspector is obliged to notify an institution whose activities are related to state security and defense, or which carries out operative search activities, of the planned inspection and its scope in advance, at least 3 days before.
9. During the inspection, the inspector and/or the person authorized to conduct the inspection is authorized to:
A) request from any institution, natural or legal person the documents and information necessary for the purposes of the inspection;
B) enter any institution and organization, observe the data processing process and access any documents and information on the spot, regardless of their content and storage form, except as provided in paragraph 8 of this Article;
C) request an expert examination, if necessary.
10. The data processor and the authorized person are obliged, in the process of verification, to cooperate, in accordance with the rules established by law, with the inspector and/or the person authorized by him/her, and to ensure the smooth implementation of the inspection by them.
11. The data processor and the authorized person are obliged to provide any information and documents to the inspector immediately. If this is impossible for a physical or legal reason, they can pass the information or document to the inspector no later than 15 days from the request.
12. The inspector, his deputy and the staff of the office are obliged not to allow the disclosure or other illegal processing of information that became known to them during the inspection process or as a result of other types of service activities.
13. During the inspection, the person authorized to conduct the inspection draws up and signs an inspection report describing the inspection process. The data processor and authorized person are obliged to sign the inspection protocol. If they do not agree with the contents of the inspection protocol and refuse to sign, the relevant grounds must be indicated in the inspection protocol.


Article 13. Decision resulting from the review of the application and/or inspection of the data processor and authorized person
1. Upon completion of the inspection related to the review of the application and/or implemented on its own initiative, the inspector makes one of the following decisions:
A) requires the correction of violations of normative acts regulating data processing and of data processing deficiencies, in the form and within the term indicated by it;
B) instructs the data processor and/or the authorized person to submit, within a reasonable time, the measures to be taken to improve the state of data protection and the relevant action plan;
C) requires a temporary or permanent cessation of data processing if the measures and procedures taken by the data processor and/or an authorized person for data security comply with the requirements of the law;
D) demands the termination of data processing, or the blocking, deletion, destruction or depersonalization of data, if it considers that the data processing is being carried out illegally;
E) requests the cessation of the transfer of data to another state and international organization, if their transfer is carried out in violation of the requirements of data protection legislation;
F) provides written advice and recommendations to the data processor and the authorized person in case of minor violation of data processing rules by them;
G) imposes administrative responsibility and the corresponding penalty on the persons envisaged by the Law of Georgia on Personal Data Protection, in accordance with the rules and in the amount established by the same law.
2. If, as a result of the inspection, it is established that the processing of the data complies with the requirements of the law, the inspector shall confirm in writing the legitimacy of data processing by the data processor and/or the authorized person.
3. The inspector is authorized, taking into account the circumstances of a specific case, to simultaneously apply two or more of the measures referred to in paragraph 1 of this Article.
4. The plan provided for in subparagraph (b) of paragraph 1 of this Article shall be implemented by agreement with the inspector.
5. The data processor and the authorized person are obliged to comply with the inspector's requirements within the deadline indicated by the inspector and to notify the inspector.
6. The decision of the inspector is binding and can only be appealed in court in accordance with the rules established by law.
7. If the data processor and / or authorized person does not comply with the requirements of the inspector,
The inspector is authorized to apply to the court.
Article 14. Imposition of administrative responsibility
1. If the inspector or a person authorized by him/her discovers an administrative violation provided for in Articles 43-54 of the Law of Georgia on Personal Data Protection, he is authorized to draw up a report on the administrative offense and review the case in accordance with the rules established by the Code of Administrative Offenses of Georgia.
2. The inspector has the right to impose the administrative fines provided by Articles 43-54 of the Law of Georgia on Personal Data Protection.


3. The form of the administrative violation report is determined by the inspector.
Chapter III
Obligation to notify the inspector and the inspector's permission to transfer the data
Article 15. Obligation to notify
Any person is obliged, in cases provided by the legislation of Georgia and this Statute, to notify the inspector of the data processing.
Article 16. Obligation to notify about biometric data processing
1. Unless otherwise provided by law, prior to the use of biometric data, the individual processing the data must provide the inspector in writing with detailed information on biometric data processing, including the information supplied to the data subject, the reason for the data processing and the data protection guarantees.
2. If the inspector considers that the processing of biometric data is not consistent with the goals and principles of the Law of Georgia on Personal Data Protection, it shall notify the data processor of this in writing and is authorized to request that data processing be terminated or that the data be blocked, deleted, destroyed or depersonalized.
3. The data processor is obliged to take into account the request provided for in paragraph 2 of this Article. Prior to the consideration of the request, the data processor has no right to use these data.
4. The data processor may use biometric data at the request of the inspector even if it is necessary to protect the vital interests of the data subject or a third party. In such a case, the data processor is obliged to immediately notify the inspector with a substantiated statement.
5. In case of non-compliance with the requirements, the inspector is authorized to use the measures provided by the data protection legislation.
Article 17. Obligation to notify the inspector before the creation of the file system and the entering of information in it
1. The data processor is obliged, before creating a file system and before entering a new category of data in it, to inform the inspector in writing or electronically of the following:
A) the name of the file system;
B) the name/surname and address of the data processor and authorized person; the place of data storage and/or processing;
C) legal basis for data processing;
D) category of the data subject;
E) data category in the file system;
F) the purpose of data processing;
G) data storage period;
H) the fact and grounds for restricting the right of the data subject;
I) the recipient of the data stored in the file system and their categories;
J) information on the transfer of data to another state and international organization, and the legal basis for such a transfer;
K) General description of the procedure established for data security protection.
2. The data processor is obliged to inform the inspector under the first paragraph of this article
It is unknown at this time what he will do after leaving the post
Ness for 30 days.
3. If the inspector considers that the file system catalog is not consistent with the purposes and principles of the current data processing legislation, it shall notify the data processor of this in writing and require that the file system catalog be brought into line with the aims and principles of the legislation.
4. The data processor is obliged to take into account the request provided for in paragraph 3 of this Article and, within 20 days of its receipt, ensure the compliance of the file system catalog with the goals and principles of data processing legislation. This period may be extended, in agreement with the inspector, by not more than 10 days.
5. In case the obligation specified in Paragraph 4 of this Article is not fulfilled, the inspector is authorized to use the measures provided by the data protection legislation.
6. A data processor with no more than 20 employees shall be exempt from the fulfillment of the obligation provided for in the first paragraph of this Article.
Article 18. Obligation to notify due to the large number of data recipients and disproportionately large costs
1. In case it is impossible for the data processor to provide all data recipients with information about the correction, updating, addition, blocking, deletion or destruction of data, due to the large number of data recipients and disproportionately high costs, then, for the purposes of Article 22 of the Law of Georgia on Personal Data Protection, the data processor is obliged to inform the inspector within 3 days of such circumstances arising.
2. If the inspector considers that the conditions provided for in paragraph 1 of this Article have been violated, he is entitled to use the measures provided by the data protection legislation.
Article 19. Permission to Transfer Data to Another State and International Organization
1. Where the grounds provided by the Law of Georgia on Personal Data Protection are available, data may be transmitted to another State or to an international organization if:
A) proper guarantees of data protection are provided in the relevant state or international organization;
B) this is provided by the international treaty and agreement of Georgia;
C) the data processor provides appropriate guarantees of data protection and of the protection of the fundamental rights of the data subject on the basis of a contract concluded between the data processor and the State concerned, a legal or natural person of such state, or an international organization.
2. In accordance with subparagraph (c) of paragraph 1 of this Article, data may be transmitted only based on the permission of the inspector.
3. The data processor is obliged, in the presence of the circumstances provided by sub-paragraph "c" of the first paragraph of this article, to apply to the inspector in writing; the application must be accompanied by the contract and additional documentation depending on the data category and/or the content of the contract. All documents must be submitted in the Georgian language, and a notarized translation must be attached to a document drawn up in a foreign language.
4. The existence of appropriate data protection guarantees in another state and/or international organization is assessed, and the decision is made, by the inspector based on the analysis of the legislation regulating data processing and of practice, as a result of which the inspector, within 30 days, makes a decision on granting or refusing permission to transfer data to another state and/or international organization.
Chapter IV
Inspector's participation in the legislative process, his educational activities and the publicity of his activities
Article 20. Participation of the inspector in the legislative process
1. The inspector is authorized, on his own initiative, to submit proposals to the Parliament of Georgia and other public institutions for the improvement of the legislation and to prepare conclusions on the draft laws and other normative acts that are related to data processing.
2. The inspector shall be entitled to receive both written and oral explanations from a representative of the state body that prepares the data-related bill or other draft normative act.
3. In order to improve the legislation, the inspector is authorized to set up working groups, which may involve both public and private institutions and individuals.
Article 21. Implementation of educational activities by the inspector
To protect human rights and freedoms, including the inviolability of private life, to promote the Law of Georgia on Personal Data Protection and to prevent its violation, the inspector carries out educational activities on data processing and protection issues, including through the official website of the inspector, seminars and meetings, study visits, invitation of experts, and educational programs implemented in cooperation with public and private structures.
Article 22. Publicity of the Inspector's Activities
1. The inspector is obliged to prepare and publish, by March 1 of each year, a report on the status of personal data protection in the country.
2. The report should include a general assessment of the state of data protection in the country, conclusions and recommendations, and information on significant violations identified during the year and about the measures taken. It should also include information on the legal consultations provided by the inspector, the statements reviewed, the inspections conducted, the conclusions and recommendations prepared, and the measures taken.
3. The inspector is obliged, within 15 calendar days from the preparation of the official report, to submit it to the Government of Georgia and ensure its public disclosure on the inspector's official website.
Article 23. File System Catalogs Register
1. The inspector is obliged to maintain a register of file system catalogs, which should contain the information provided by the first paragraph of Article 19 of the Law of Georgia on Personal Data Protection.
2. The inspector shall ensure the publicity of the file system catalog register and access to it via the inspector's official website.


