The Information Commissioner's Office (ICO) has expanded its guidance on exemptions and international transfers in the ICO: Guide to the GDPR


The GDPR and the Data Protection Act 2018 set out exemptions from some of the rights and obligations in specified circumstances. Whether or not you can rely on an exemption often depends on why you process personal data. The updated guidance lists the exemptions available by reference to particular topics, such as crime, law and public protection and health, social work, education and child abuse.

In light of this development, I'd urge organisations that relied on exemptions under the Data Protection Act 1998 to check what is covered by the GDPR and the Data Protection Act 2018 to ensure they are correctly relying on any exemptions.

International transfers

The GDPR restricts transfers of personal data outside the EEA, or the protection of the GDPR, unless the rights of the individuals in respect of their personal data is protected in another way, or one of a limited number of exceptions applies. The updated guidance includes a useful Q&A format to determine if you are applying the rules correctly.

At Markel Law we regularly comment on SME related matters. 

Follow this link to find out more about Markel Law and how we can assist your business.