The GDPR allows for exemptions, enabling controllers to drop certain requirements when they conflict with other important issues like criminal investigations. Perhaps confusingly, the exemptions aren’t actually included; the original GDPR sets out the parameters and it’s for each individual member state to devise what they cover in separate legislation. Even now the UK is out of the EU, we retain this approach.
The Data Protection Act 2018 contains all the important exemptions, explaining the circumstances where data can be reused outside the parameters of the original purpose for gathering it, processed without transparency or withheld from subject access. This course covers how the exemptions work, what areas they cover, and includes insights from a recent unsuccessful challenge to the immigration exemption.