Exemptions to the UK general data protection regime

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Exemptions to the UK general data protection regime
  • Key guidance and resources
  • The scope of the GDPR regimes
  • Exemptions in the DPA 2018
  • Which rights and obligations do the exemptions apply to?
  • Which exemptions are most relevant to businesses?
  • When can an organisation rely on an exemption?
  • Accountability and exemptions
  • Crime and taxation exemptions
  • Crime and taxation—general
  • More...

On 31 January 2020, the UK ceased to be an EU Member State and entered a Brexit implementation period. Due to the extensive similarities between the exemptions applicable under:

  1. the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime (applicable under UK law until the end of the Brexit implementation period at 11 pm UK time on 31 December 2020), and

  2. the United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime (applicable under UK law from the end of the Brexit implementation period on 31 December 2020)

this Practice Note addresses exemptions under both the UK GDPR and EU GDPR (as applicable under UK laws) and generally refers to both as the ‘GDPR’ for convenience. Given how long it takes for data protection cases to be resolved or historic issues to otherwise arise, the exemptions that applied under the EU GDPR regime in the UK are likely to remain of interest to certain practitioners for some time.

This Practice Note does not consider exemptions to other data protection regimes, including the ‘applied GDPR’ regime (applicable prior to the end of the Brexit implementation period) or the regimes applicable to the processing of personal data by competent authorities for law enforcement purposes or by the intelligence services. For further background on those other regimes, see Practice Note: The Data Protection Act 2018.

For

Popular documents