Increased numbers of detected violations and citizens’ complaints, strengthened capacity of the Inspector’s Office - The Office of the Personal Data Protection Inspector released the 2016 Annual Report on the State of Personal Data Protection and the Activities of the Office of the Personal Data Protection Inspector. The Report examines the tendencies of data protection in the country, activities of the Inspector’s Office, existing challenges, revealed violations and measures undertaken to prevent the breaches of law.

As a result of the complaints and conducted inspections throughout the reporting period, the Inspector’s Office examined data processing in the following sectors:

Public Sector

Private Sector

Consequently, overall 221 cases of violation were revealed: fines were imposed on 63 organisations while 35 organisations were warned. Number of public and private organisations were assigned to upgrade the necessary organisational or technical measures through the 202 guidelines and recommendations released by the Inspector. In case of 47 organisations, the responsibility established by the legislation was not imposed due to expiration of the statutory limitation period, whereas the 6 cases were passed to the relevant agencies since there were detected presence of elements of crime.

Compared to 2015, throughout 2016 the number of consultations delivered to citizens and various public and private organizations tripled; Likewise, the number of citizens’ complaints doubled.

The Inspector examined 216 complaints overall, including the 121 complaints related to the issues of the legal grounds for legitimate data processing. Majority of the complaints were concerned either with the illegal access to the information about citizens’ financial liabilities and disclosure of this information to the third parties or disclosure of the information regarding the citizens’ medical conditions.

In terms of the oversight over covert investigative activities through the two-stage electronic monitoring system the Inspector did not authorize the launch of the covert investigative activities in 47 cases - due to either technical discrepancies revealed during the examination of legitimacy of the grounds for data processing or inaccuracies/ambiguities detected in the resolution part of judicial decisions. Compared to 2015, the number of judicial decisions regarding wiretapping increased by 48, while the number of solicitations regarding the extension of the period decreased by 6.

48 citizens addressed the Inspector to examine the violation of direct marketing rules. Subsequently, violations were detected in 30 cases, fines were imposed on 27 organisations, while the sanctions were not imposed in the remaining 3 cases due to expiration of the statutory limitation period established by legislation.

With the assistance of the United Nations Development Program (UNDP) and the European Union, the Institutional Development Strategy of the Inspector’s Office for 2017-2021 was elaborated incorporating the values, mission, vision, objectives and two-year action plan of the Office. Numerous information and educational campaigns and meetings were conducted in order to raise awareness of the public regarding the personal data protection issues.

In order to implement the Association Agenda of the Association Agreement between Georgia and the European Union the Office launched working on draft legal proposals, with the involvement of the Inspector’s Office cooperation with Europol was strengthened. Incooperation with the Council of Europe the Office started elaboration of the guidelines for the media to promote the balance between the right to privacy and freedom of expression in media activities. The Office hosted the first conference of the Eastern Partnership Data Protection Authorities, fostered bilateral cooperation with data protection authorities of other countries.

The Personal Data Protection Inspector submits the Report to the Executive and Legislative branches of the Government once a year. This is the fourth Annual Report submitted by the Office of the Personal Data Protection Inspector.