Hospitality & Retail - 2019 -

Georgia

1. What is your state’s law on the use of CBD oil in products to be sold to the public, i.e. cosmetics, etc.?

Georgia legalized the medical use of low tetrahydrocannabinol (THC) oil in 2015 with the passage of House Bill 1, known as the “Haleigh’s Hope Act.” The Act was subsequently amended by SB 16, effective July 1, 2017, which changed the definition of “low THC oil” and expanded the list of conditions eligible for use of low THC oil.

Georgia last modified the Act on May 3rd, 2018, with the passage of House Bill 65. House Bill 65 created a “Joint Study Commission on Low THC Medical Oil Access” to replace the “Georgia Commission on Medical Cannabis” which ended when its authorizing legislation was automatically repealed in 2016 via a sunset clause in Ga. Code Ann. 31-50-5. House Bill 65 also added two additional conditions to the list of fourteen conditions enumerated in 31-2A-18(a)(3) which satisfy the medical need requirement to obtain a registration card under 31-2A-18(d).

In 2019, the Georgia Hemp Farming Act was enacted to permit hemp farming and hemp processing in Georgia. The definition of “hemp” includes any part of the cannabis sativa L. plant and all derivatives, with no more than a 0.3% concentration of THC. O.C.G.A. § 16-13-21 was amended to exclude “hemp or hemp products as such terms are defined in Code Section 2-23-3.” Otherwise, there are no state laws restricting the sale of any products containing CBD oils.

One caveat relates to the sale of food or dietary supplements containing CBD oil. Georgia Agriculture Commissioner Gary W. Black issued a press release, emphasizing that Georgia follows the FDA regulations which prohibit the inclusion of CBD or hemp in food, animal feed, or dietary supplements.

2. Regarding privacy issues, has your state adopted its own version of GDPR or how is your state dealing with GDPR requirements? What other privacy laws has your state adopted recently in response to concerns about the lack of protections for consumers?

N/A. There are no new laws addressing GDPR data privacy issues; however, data breach laws are codified at O.C.G.A. § 10-1-910-912 (2005), as amended (2007).