SERVICES
REPRESENTATION BEFORE THE SUPERVISORY AUTHORITY AND THE COURTS
DRAFTING OF INTERNAL ORGANIZATIONAL DOCUMENTATION
To achieve and demonstrate compliance with data protection legislation, the organization must have in place internal organizational rules and procedures. The organization should have adopted documents such as a privacy policy, data protection impact assessment (DPIA) report, access policy, cookie policy, etc. Also, it is crucial to develop standard document forms (data processing agreements (DPAs), consent and complaint forms, etc.). Privacy Logic Group offers identification and development of documents required for your organization regarding personal data protection, revision of existing documents in the organization and bringing them into compliance with new data protection legislation, as well as integration of data protection rules into existing operational procedures. Remember that good internal regulation and documentation of data protection issues demonstrate your accountability and will positively affect both the customer and the supervisory authority.
DATA PROTECTION OFFICER (DPO)
According to the new law on “Personal data protection”: public institution, insurance organisation, commercial bank, microfinance organisation, credit bureau, e-communications company, airlines, airport, medical institution and also data controllers and data processors who process data of large volumes of data subjects or carry out systematic and wide-scale monitoring of behaviour are obliged to appoint a data protection officer. To fully fulfill the tasks and functions of the data protection officer, a highly qualified employee with a deep knowledge of the specifics of data protection is required. Finding or training professionals of such competence is associated with considerable costs. For most organizations, it might be more beneficial to outsource the services of a data protection officer. While managing your organization’s case, the External DPO is backed by a certified team of Privacy Logic Group, which has many years of international and local experience, including working with data protection supervisory authority. At your service, you have not only the competence of one professional but the experience of a team of professionals with versatile competence who can solve and manage both legal and organizational-technical issues.
REPRESENTATION BEFORE THE SUPERVISORY AUTHORITY AND THE COURTS
We provide legal representation before Personal Data Protection Service, state institutions, and courts, also in proceedings and/or litigation regarding data protection issues.
DATA PROTECTION IMPACT ASSESSMENT (DPIA)
Effective protection of personal data cannot be achieved without proper implementation of appropriate organizational and technical measures, which can be data security, including physical security, data access control, determination of roles and responsibilities within the organization, the manner of responding to identified risks, etc. In order to determine the appropriate measures, the new law envisages a mandatory DPIA for some data processing processes. We offer to identify and group those processes for which the new law obliges to conduct the DPIA. Also, drafting a standard procedure (including update cycle) and form for the DPIA, directly conducting impact assessment/participating in the process, and preparing relevant reports.
CONSULTATION
Privacy Logic Group provides private and public organizations as well as individuals full-fledged consultation on any issue related to personal data protection. Consultation can be related to both general issues of data protection or the solution of specific, complicated cases and/or the preparation of documentation. Both face-to-face and online consultations are accepted. The quality of our consulting is based on in-depth knowledge of Georgian and international practice. Our team constantly observes and studies the decisions of the Personal Data Protection Service of Georgia and the court, as well as the decisions and opinions of European supervisory authorities and recognized international organizations in the field of data protection.