<h3>Personal Data Protection for Business in Georgia: What Companies Should Consider in 2026</h3> <p>Introduction: What Changed on March 2, 2026? As of March 2, 2026, the Personal Data Protection Service was abolished and its functions - supervision, inspections, incident review, and receipt of statements from subjects - were transferred to the State Audit Service. This change raises open questions. The Personal Data Protection Service was a specialized, separately established institution, while the main mandate of the State Audit Service is control of state finances. The specialized competence and speed of the new structure are still to be tested. Business and the civil sector should closely monitor this development. What has not changed: The requirements of the law - obligations, penalties, and rights of subjects - are in full force. Official contact: State Audit Office - sao.ge</p> <h3>Part I: Who does the law apply to?</h3> <p>The Law “On Personal Data Protection” applies to all persons or organizations that process data on the territory of Georgia using automated or semi-automated means; or are based outside Georgia but process local data using technical means available in Georgia. This means that the law applies to: all companies, institutions where personal data of a person is processed. Video, audio monitoring. Exception: completely personal and family activities of a natural person, which are not related to entrepreneurial or professional activities. In addition, the law does not apply to the processing of personal data of a legal entity. The focus of the law is the personal data of a natural person.</p>
LegalGELegalGE