- What does the UK GDPR say about exemptions?
- How do we apply the exemptions when processing children’s personal data?
Article 23 of the UK GDPR enables the Secretary of State to introduce exemptions from the principles at Article 5, the transparency obligations and individual rights. But only where the restriction respects the essence of the individual’s fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society in certain circumstances. For further detail of these circumstances please see our Guide to the UK GDPR.
Chapter IX of the UK GDPR provides that the Secretary of State can provide exemptions, derogations, conditions or rules in relation to specific processing activities.
The specific detail of the exemptions is provided in Schedule 2, 3 and 4 to the Data Protection Act 2018. For further information please see our Guide to the Data Protection Act.
The exemptions may allow you to process children’s personal data in ways which the UK GDPR would not otherwise allow, if certain conditions are met.
Each of the exemptions applies in a very specific set of circumstances requiring you to work your way through a specific test in each case. This is no different with children’s personal data than with adult’s personal data. You need to consider the exact wording of the individual exemption in question and decide if it applies to your processing.
So if you think you should be able to process children’s personal data in a way that doesn’t appear to be allowed by the UK GDPR, you should check the exemptions that are available in Article 23 and Chapter IX of the UK GDPR and at Schedules 2, 3 and 4 of the Data Protection Act 2018.