It has been one year since Georgia’s new Law on Personal Data Protection came into effect. This regulation introduced a number of significant obligations for both public and private sector entities, substantially raising the standard for data processing practices.
One of the key innovations was the restriction on direct marketing — specifically, the prohibition of sending promotional messages without the explicit consent of the recipient. Additionally, the law made it mandatory for certain organizations to appoint a Data Protection Officer (DPO), responsible for ensuring compliance with data protection rules and overseeing internal processes.
Where do we stand one year later?
As noted by Dr. George Mirianashvili, Head of Data Protection Officer LLC (DPO), there is now a growing interest in data protection and an increased demand for qualified professionals in the field. However, many organizations continue to face serious challenges:
There is still a lack of full understanding of the legal requirements and how to implement them in practice;
Some sectors are struggling to align their marketing practices with the new consent-based model;
In many cases, DPOs are appointed formally but not given the real capacity to carry out their responsibilities effectively.
“Data protection is not just a legal obligation — it’s a part of corporate culture that directly impacts an organization’s reputation, client trust, and operational quality,” said Dr. Mirianashvili.
At DPO, we remain committed to supporting our partner organizations through professional consultations and practical tools, helping them build real and sustainable data protection practices.