Georgian DPL

Law of Georgia on Personal Data Protection No. 3144/2023

Flag of GE
GeorgiaOpt-inNational
Back to Regulations Guide

Key Facts

Effective Date
March 1, 2024
Enacted
June 14, 2023
Enforcing Authority
PDPS (Personal Data Protection Service)
Consent Model
Opt-in
Applies To
Any organization processing personal data of individuals in Georgia, including using technical means within the country

Overview

Georgia's Law 3144/2023 is a GDPR-aligned data protection law that entered into force in phases starting March 1, 2024, with full implementation expected by January 1, 2027. While it lacks specific cookie provisions, general consent requirements apply to cookies processing personal data.

What This Means for Your Website

  • Consent is required for non-essential cookies that process personal data of Georgian visitors
  • Financial penalties are modest (GEL 1,000-10,000 / ~EUR 350-3,500)
  • Criminal penalties including imprisonment are available for severe violations
  • Data protection impact assessments are required for high-risk processing

Key Requirements

The PDPS (Personal Data Protection Service) oversees enforcement and can suspend data processing activities. Financial penalties range from GEL 1,000 to 10,000 (~EUR 350-3,500), but criminal penalties including imprisonment are possible for severe violations. The law introduces GDPR-aligned requirements phased in through 2027, including DPIAs and DPO requirements.

How ConsentStack Handles This

ConsentStack applies opt-in consent for Georgian visitors, ensuring compliance with the GDPR-aligned requirements as they phase in through 2027.

Penalties

GEL 1,000-10,000 (~EUR 350-3,500). Criminal penalties including imprisonment possible in severe cases.

Maximum Fine
GEL10,000 per violation

Key Requirements

  • Consent for non-essential cookies processing personal data
  • Data protection impact assessments for high-risk processing
  • Data Protection Officers in certain circumstances
  • Data subject rights aligned with GDPR principles
  • PDPS notification requirements

Notable Provisions

  • Phased implementation through January 1, 2027
  • Low financial penalties but criminal penalties available
  • No specific cookie law — general data protection applies
  • GDPR-aligned framework

Other Europe Regulations

GDPREuropean Union + EEA
The GDPR sets the global standard for data protection, requiring explicit opt-in consent before processing personal data of EU/EEA residents. For websites, non-essential cookies must be blocked until visitors actively consent. Pre-ticked boxes and implied consent are invalid.
PECRUnited Kingdom
PECR is the UK's cookie-specific law, requiring consent before storing or accessing cookies. The DUAA 2025 significantly increased penalties from GBP 500,000 to GBP 17.5 million and introduced analytics exceptions on an opt-out basis. Only strictly necessary cookies are exempt.
ePrivacy DirectiveEuropean Union + EEA
Article 5(3) of the ePrivacy Directive is the primary EU legal basis requiring cookie consent. It mandates prior informed consent before storing or accessing any information on a user's device, with narrow exceptions only for transmission necessity and explicitly requested services.
Loi Informatique et LibertésFrance
France has the most actively enforced cookie regime in Europe. CNIL issued 259 corrective decisions in 2025, with cookie-specific fines totaling EUR 486.8 million including EUR 325M against Google. A Refuse all button or Continue without accepting must appear on the first layer.
UK GDPRUnited Kingdom
The UK GDPR is the retained EU GDPR post-Brexit, with consent standards identical to the EU version. The UK adequacy decision was renewed December 2025, valid until December 2031. Combined with PECR, it forms the legal framework for cookie consent in the UK.
TDDDGGermany
Germany implements the ePrivacy Directive through Section 25 of TDDDG (renamed from TTDSG in May 2024). A Consent Management Ordinance (EinwV) became effective April 2025, establishing a voluntary framework for recognized consent management services. Cookie banners must not obscure website content.

Frequently Asked Questions

Does Georgia have a cookie-specific law?

No. Georgia's Law 3144/2023 is a general GDPR-aligned data protection law. Cookies processing personal data fall under general consent requirements.

What are the penalties under Georgian data protection law?

Financial penalties of GEL 1,000-10,000 (~EUR 350-3,500) are modest, but criminal penalties including imprisonment are available for severe violations.

When is Georgia's data protection law fully implemented?

The law entered force in phases from March 2024, with full implementation expected by January 1, 2027.

Stay compliant with Georgian DPL

ConsentStack helps you implement Opt-in consent for Georgia automatically.

Get started free