Are There Exemptions to the Personal Data Protection Act?

The personal data protection act controls how companies and organizations make use of the personal information that they collect from people, customers, consumers and the like. The act aims to protect individuals from information leaks and breaches that are usually happening.

In some cases, the personal data protection act sets out exemptions for some of the rights and obligations that are covered under certain circumstances. So, what are these exemptions? Let’s find out.

Available Exemptions of the PDPA (as seen on the United Kingdom Information Commissioner’s Office’s (ICO) official website)

Crime, law and public protection

  • Crime and taxation: general and risk assessment
  • Information (disclosed by law or in connection with legal proceedings)
  • Legal professional privilege
  • Self-incrimination
  • Disclosure prohibited or restricted by an enactment
  • Immigration
  • Functions designed to protect the public
  • Audit and Bank of England functions

Regulation, parliament and the judiciary

  • Regulatory functions relating to legal services, the health service, and children’s services
  • Other regulatory functions
  • Parliamentary privilege
  • Judicial appointments, independence, and proceedings
  • Crown honors, dignities and appointments

Journalism, research and archiving

  • Journalism, academia, art, and literature
  • Research and statistics
  • Archiving in the public interest

Health, social work, education, and child abuse

  • Health data – processed by a court
  • Health data – an individual’s expectations and wishes
  • Health data – serious harm
  • Health data – restriction of the right of access
  • Social work data – processed by a court
  • Social work data – an individual’s expectations and wishes
  • Social work data – serious harm
  • Social work data – restriction of the right of access
  • Education data – processed by a court
  • Education data – serious harm
  • Education data – restriction of the right of access
  • Child abuse data

Finance, management, and negotiations

  • Corporate finance
  • Management forecasts
  • Negotiations

References and exams

  • Confidential references
  • Exam scripts and exam marks

Subject access requests – information about other people

  • Protection of the rights of others

What do these exemptions mean?

These exemptions mean that there are certain circumstances wherein the PDPA exempts particular provisions. If this happens, the parties involved in the exemption need not comply with the usual right and obligations as entailed by the PDPA.

The ones enumerated above are the detailed available exemptions as stated in the official website of the United Kingdom Information Commissioner’s Office or ICO. The exemptions are added to the existing provisions and/or complement them. 

In addition, the exemptions can lift some a portion of the compliance obligations such as:

  • The right to be informed;
  • The right of access;
  • Dealing with other individual rights;
  • Reporting personal data breaches; and
  • Complying with the principles.

Some exemptions apply to only one of the above, but others can exempt you from several things.

Special instances concerning exemptions

Lastly, there are exemptions that are not really called as such but have the same function. They are not officially called exemptions because of a very simple reason; they are not covered by the General Data Protection Regulation or GDPR.

Check out some of its examples:

Personal activities

This means personal data taken from home and personal transactions that have no professional connection whatsoever. Without commercial or business ties, this is outside the scope of the GDPR thus qualifying it as an exemption.

Law enforcement

This means personal data processed by the authorities to be used for law enforcement. This is, again, outside the scope of the GDPR.

National Security

This means personal data processed in the name of national security and defense.