To be accurate, The General Data Protection Regulation (GDPR) soon to go into effect on May 28, 2018 applies to all businesses based in the European Union. But it also applies to any organisations anywhere in the world that have customers who are citizens of any of the European Union countries.
So to whom do these regulations not apply? Who needs not to concern themselves with the stiff penalties of GDPR?
Article 23 outlines the process for EU member states to petition for exemptions based on specific matters. Articles 85 and 91 also outline where and when exemptions apply.
The other consideration is one of overlooking the restrictions outlined to protect citizens’ data. Specifically, these exemptions apply to European Union member states. They must introduce their wish for exemption and may do so only if those rights and freedoms of individuals might pose a threat to the member state.
Examples of when these situations might occur include threats to:
- The security of the member state’s citizens
- The need to prevent a crime
- The need to conduct a criminal investigation
- The prosecution of an individual or group
- National security
- Financial security of the member state and/or its citizens
- Budgetary matters of the member state
- Taxation concerns
- Ethics or morals of the member state
- Public health of the citizens of the member state
- Judicial protection
- Protection of individual rights of other citizens
- Civil law enforcement
- Freedom of information
Member states are not limited to the protections for its citizens described by GDPR. They may institute additional safeguards within their jurisdiction.
Countries like Germany have already put additional protections for the data of its citizens into place. The goal for these additional measures is to protect the personal data of its citizens by providing a secure environment.