Cross-border Data Transfer

Cross-border transfer of data to another state or international organization means transfer of data to a recipient that does not fall under Georgian jurisdiction. For example, if your company is registered in Georgia and sends consumer data to its partner operating in another country – this will be considered cross-border data transfer.

Transfer of data to other state and international organization shall be admissible if:

• there are grounds for data processing envisaged under this Law and if appropriate safeguards for the protection of data and data subject’s rights are observed by the respective state or international organization

• transfer of data is envisaged by Georgia’s international treaty or agreement;

• data controller provides appropriate guarantees for protection of data and protection of data subject’s rights on the basis of an agreement between a data controller and the respective state, a natural or legal person of that state or an international organization;

Transfer of data on the basis of a contract requires permission of Personal Data Protection Service.