The Information Commissioner's Office (ICO) has expanded its guidance on exemptions and international transfers in the ICO: Guide to the GDPR.
The GDPR and the Data Protection Act 2018 set out exemptions from some of the rights and obligations in specified circumstances. Whether or not you can rely on an exemption often depends on why you process personal data. The updated guidance lists the exemptions available by reference to particular topics, such as crime, law and public protection and health, social work, education and child abuse.
In light of this development, I'd urge organisations that relied on exemptions under the Data Protection Act 1998 to check what is covered by the GDPR and the Data Protection Act 2018 to ensure they are correctly relying on any exemptions.
The GDPR restricts transfers of personal data outside the EEA, or the protection of the GDPR, unless the rights of the individuals in respect of their personal data is protected in another way, or one of a limited number of exceptions applies. The updated guidance includes a useful Q&A format to determine if you are applying the rules correctly.
At Markel Law we regularly comment on SME related matters.
Follow this link to find out more about Markel Law and how we can assist your business.
The Guide to the GDPR explains the provisions of the GDPR to help organisations comply with its requirements. It is for those who have day-to-day responsibility for data protection. The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The main provisions of this apply, like the GDPR, from 25 May 2018.