The General Data Protection Regulation was enforced in the EU on May 25, 2018. Businesses gathering or processing the personal information of residents in the EU must comply with the GDPR but there are a few GDPR exemptions and derogations that they should know.
The GDPR’s goal is to protect the privacy and data rights of EU residents. Although GDPR is an EU legislation, it applies to all companies regardless of location. Whether a company is in an EU or non-EU nation, GDPR compliance is mandatory.
The GDPR covers small and big organizations, individuals, or companies having websites that can be accessed in the European Union. Aside from limited GDPR exemptions, all businesses that make free or paid products or services available to EU citizens and monitor consumer behavior are required to follow the GDPR.
What are Some GDPR Exemptions?
There are a few GDPR exemptions related to the processing of personal information as described in the following:
Information processed through the course of an activity going past the control of the EU
GDPR does not apply to people processing data for personal or family use only
GDPR does not apply to government agencies and authorities when gathering or processing information for the prevention, investigation, recognition, or prosecuting criminal acts or executing criminal charges or preventing threats
GDPR does not apply to the handling of Member States’ personal information to be utilized for activities protected by Chapter 2, Title V, of the Treaty on European Union.
Derogations as per GDPR Article 23
The goal of the GDPR is to coordinate data protection laws throughout all EU Member States. However, Member States can have derogations and supplemental regulations that are country-specific, as specified in the Restrictions in Article 23.
When presenting derogations, it is important to honor the rights of EU locals and make sure their information are secured. These areas permit the inclusion of derogations:
The defense and public security of countries
Permitting and securing judicial independence
The identification, investigation, prosecution and prevention of criminal acts
To impose civil law claims
The security of subjects important to the interest of the state such as social, budgetary and health issues
Derogations as per GDPR Articles 85-91
Articles 85-91 of GDPR also cover conditions where derogations are just fitting of particular Member States. These correlate to:
Public access to official files
National identification numbers
Freedom of expression and information
Data for scientific or historical research studies
Employees’ private information
Storage in the public interest
Churches and other religious groups
Obligations of confidentiality
In all cases, it is still critical to secure data.