On the Unified State Registry of Information

LAW OF GEORGIA

ON THE UNIFIED STATE REGISTRY OF INFORMATION

Chapter I - General Provisions

Article 1 -Aim of the Law

This Law aims to support the establishment of a unified state registry of registries, databases, services and information systems available in the public sector of Georgia, as well as the receipt, transmission and compatibility of information in the public sector by observing the principle of technological neutrality, and to regulate the basic principles of the establishment, use and alteration of registries, databases, services and information systems, and to standardise the rules for maintaining registries, databases, services and information systems, and to define the main directions of state information policy in the field of registries, databases, services and information systems.

Article 2 - Definition of terms used in the Law

The terms used in this Law have the following meaning:

a) data - facts and ideas represented in a formalised form, which makes them suitable for transmission and processing in the information process;

b) a data owner - a person or entity that authorises access to certain data and is responsible for maintaining their accuracy, integrity and timeliness;

c) data processing - to collect, record, organise, store, change, access, retrieve, use, transfer, combine, close, erase, or destroy data, or to perform a combination of any of these actions, regardless of the means through which the action is taken or the method used;

d) a database - a collection of works and/or other data and material arranged in a systematic or methodical way, and which are individually accessible by electronic or other means. This term does not include computer programmes used in the development or use of databases accessible by electronic means;

e) the maintenance of a database - data processing, storage of data processing records, data protection and the organisation of these activities;

f) a registry subject - an administrative body, or a medical or authorised educational institution, which creates, changes, erases or destroys data;

g) an information system - any combination of information technologies and actions performed using these technologies, which supports management and/or decision-making;

h) a registry – the formal and/or official record of objects, names, actions, or of any other information;

i) a service – a service offered by a registry subject to entities and/or customers and that requires data processing;

j) a catalogue - a systematised list or record of data that includes their description;

k) a business process - a structured combination of activities and tasks related to each other, which creates a particular product or service for a group of users or a single user;

l) the principle of technological neutrality - not giving unjustified preference to a particular technology when equal resources are available;

m) archiving - storing in the archive documentation and records of historical importance and/or inactive records, or other data.

Chapter II - Unified State Registry of Information

Article 3 - Unified State Registry of Information

1. The Unified State Registry of Information is a unified catalogue of the databases, registries, services and information systems of registry subjects, which aims to describe the informational resources available in the public sector of Georgia, and to establish uniform standards for handling information, and to coordinate information systems, and to support continuous development, and to facilitate the unified information policy and the efficient use of public resources.

2. The legal entity under public law under the Ministry of Justice of Georgia called the Data Exchange Agency ('the Data Exchange Agency') maintains the Unified State Registry of Information.

3. The Data Exchange Agency coordinates the establishment and implementation of uniform standards for the maintenance of databases, registries, services and the information systems of registry subjects.

4. The Data Exchange Agency gives recommendations to relevant registry subjects on issues relating to the establishment, use, alteration and expansion of databases, registries, services and information systems, as well as on a combination thereof or their compatibility with another database, registry, service or information system, and on their closing down and on other issues.

5. The Data Exchange Agency produces and submits recommendations on the alteration and modernisation of the rules governing the case management procedures of a registry subject, which aim to simplify the flow of electronic documentation.

6. The Data Exchange Agency produces and submits recommendations on the creation, improvement and optimisation of the services of registry subjects.

7. Information regarded as state secrets under Georgian legislation shall not be included in the Unified State Registry of Information and this Law shall not apply to such information.

Article 4 - Obligation to notify of the establishment of databases, registries, services and information systems

1. Registry subjects shall notify the Data Exchange Agency in writing, within 30 days after establishing a database, registry, service or information system.

2. The date of the initial use of a database, registry, service or information system for its designated purpose by users shall be considered as the moment of the creation of the database, registry, service, or information system, and as the moment when the obligation of notification arises under this Law.

3. The obligation to notify provided for by this article shall apply equally to any substantial alteration in the maintenance of a database, registry, service or information system that leads to the alteration of its content, or expands or narrows its scope, or affects communication with it or related business processes, and, at the same time, affects any of the data specified in Article 5(2) and/or (3) of this Law.

Article 5 - Types of information to be submitted to the Data Exchange Agency

1. A registry subject's written notification specified in Article 4 of this Law shall contain information describing the operational, informational and technological environment.

2. Information to be submitted on the operational environment shall contain the following data:

a) contact information of the data owner and/or its authorised representative and a description of its major activities;.

b) the description and the purpose of maintaining the database, registry, service or information system;

c) the case management method, which is used in the maintenance of the database, registry, service or information system; a short description of and other information on the business process of the information processing, which describes the process of the maintenance of the database, registry, service or information system.

3. Information to be submitted on the informational and technological environment shall contain the following data:

a) the technical standards applied with respect to the database, registry, service or information system;

b) the contact details of the administrator of the database, registry, service or information system, or of another authorised person;

 c) details on the person or agency or the authorised person, if any, responsible for the identification and correction of errors made during the maintenance of the database, registry, service or information system;

d) information on data protection measures.

4. The Data Exchange Agency shall establish procedures, technical standards, formats and forms of submitting information provided for by this article.

Article 6 - Expansion or combination of a database, registry, service or information system.

1. The database, registry, service or information system of a registry subject can be expanded or combined with another database, registry, service or information system, if:

a) expansion or combination is required for the registry subject to perform its functions more efficiently;

b) a relevant normative act imposes a new function on the registry subject and the proper performance of this function requires expansion or combination.

2. Notification of the expansion or combination of a database, registry, service or information system shall be sent to the Data Exchange Agency.

3. The Data Exchange Agency shall establish the form of the notification provided for by paragraph 2 of this article and other related procedures.

Article 7 - Closing down, destroying, archiving or transferring a database, registry, service or information system

1. A registry subject shall notify the Data Exchange Agency of a decision to close down, destroy, archive or transfer a database, registry, service or information system 30 days before executing the decision. The Data Exchange Agency shall give recommendations on the reasonableness of the close down, destruction, archiving or transfer.

2. The Data Exchange Agency shall define the form of notification provided for by paragraph 1 of this article and other related procedures.

Article 8 - Personal data protection

1. The Data Exchange Agency/the Unified State Registry of Information shall not parse, process or alter the content of submitted information in any way. It shall observe informational neutrality.

2. The Data Exchange Agency/the Unified State Registry of Information shall not be responsible for protecting personal data within the scope of the functions that include access to personal data in a registry subject's databases, registries or information systems for performing duties determined by this Law.

Article 9 - Mechanisms for enforcing the provisions of this Law

1. The Data Protection Agency may, after receiving and reviewing any of the notifications provided for by this Law, recommend that a registry subject refrain from the establishment, alteration, expansion, combination, closing down, destruction or archiving of a database, registry, service or information system, if such an action can be regarded as an obstruction to the functioning of another system or systems, and/or if the maintenance of the database, registry, service or information system or the processing of data therein contravenes the standards established by the Data Exchange Agency or by this Law.

2. The Data Exchange Agency shall send a written warning to the person responsible for the transfer of information in the relevant entity if the registry subject does not meet its obligation to inform/notify the Data Exchange Agency as required by this Law. In the case of repeated failure to provide information, the Data Exchange Agency shall send a written notification to the head of the registry subject describing the violation and giving recommendations for remedying the violation.

Chapter III - Basic Principles for Maintaining a Database, Registry, Service or Information System

Article 10 - Principles of data processing in a database, registry, or information system and in the process of rendering services

In the process of maintaining a database, registry, or information system and of providing services, a registry subject may collect and/or process only the data that are required for the performance of its functions defined under the relevant normative act, or only when such data processing is directly provided for by the normative act.

Article 11 - Access to data in the process of maintaining a database, registry, or information system and providing services

The information stored and/or processed in a database, registry or information system of a registry subject and in the process of providing services shall be public and accessible, unless access or publication is restricted by law.

Chapter IV - Transitional and final provisions

Article 12 - Transitional provision

The Data Exchange Agency shall be notified, within 90 days after this Law comes into force, of any database, registry, service or information system operating at the time of the entry into force of this Law.

Article 13 - Entry of the Law into force

This Law shall enter into force from 1 June 2011.

President of Georgia                                                                                                                                                      M. Saakashvili

Tbilisi

5 May 2011

No4634 - Iს