The LPDP explicitly addresses the use of equipment within Georgia as a factor for determining the law's applicability. Article 3(2)(b) extends the scope of the law to data processors who are not registered in Georgia but use "technical means existing in Georgia for data processing". This provision aims to capture data processing activities that occur within Georgia's territory, regardless of the processor's place of establishment.

However, the law provides an important exception: if the technical means in Georgia are used "only for data transfer", the law does not apply. This exception likely aims to exclude mere data transit scenarios, where Georgia's infrastructure is used solely for routing data without any substantive processing taking place.

An additional requirement is imposed on data controllers in such cases: they "must appoint/designate a registered representative in Georgia". This ensures that there is a point of contact within the country for regulatory and compliance purposes.

Implications

The inclusion of this factor has several implications for businesses:

1. Non-Georgian companies: Entities not registered in Georgia but using equipment there for data processing will fall under the LPDP's jurisdiction, potentially requiring them to comply with Georgian data protection standards.
2. Cloud services: Companies offering cloud services with servers or other technical infrastructure in Georgia may be subject to the LPDP, even if they are not formally established in the country.
3. Data transfer exception: Businesses merely routing data through Georgia without processing it there can likely avoid the law's application, which is particularly relevant for telecommunications and internet service providers.
4. Local representation: Data controllers utilizing equipment in Georgia for processing must establish a local representative, potentially increasing compliance costs and administrative burdens.
5. Territorial reach: This provision effectively extends the LPDP's reach beyond Georgia's borders, capturing foreign entities that interact with Georgian infrastructure for data processing purposes.
6. Compliance considerations: Companies must carefully assess whether their use of technical means in Georgia constitutes data processing or mere data transfer to determine if they fall under the LPDP's scope.