Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data?

Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data?

A. When the personal data is processed only in non-electronic form

B. When the personal data is collected and then pseudonymised by the controller

C. When the personal data is held by the controller but not processed for further purposes

D. When the personal data is processed by an individual only for their household activities

View Answer

Answer: D

Explanation:

The General Data Protection Regulation (GDPR) includes a number of exceptions or exclusions, and one of these is for personal or household activities.

Let’s break down the options:

A. The GDPR applies to both electronic and non-electronic (or manual) processing of personal data, provided the data is part of a structured filing system.

B. Pseudonymisation is a data protection measure encouraged by the GDPR. However, the regulation still applies to data that has been pseudonymised, as pseudonymised data can potentially be re-identified.

C. The GDPR applies to the holding (or "storage") of personal data, even if it is not being actively processed for further purposes.

D. The GDPR does not apply to the processing of personal data "by a natural person in the course of a purely personal or household activity." This means that individual persons are exempted from the GDPR for activities related to their personal and private life, such as personal correspondence or the management of a personal address book.

Given the options, it’s the personal or household activities exclusion that stands out as a situation where the GDPR does not apply.