What is not protected under GDPR?
Asked by: Prof. Evans Farrell | Last update: February 12, 2026 | Score: 5/5 (2 votes)
GDPR doesn't protect purely personal/household data, data of deceased persons, data of legal entities (corporations), or fully anonymized data; it also provides specific exemptions for national security, law enforcement, journalism, scientific research, public health, archiving, and sometimes SMEs (small businesses) with fewer than 250 employees for certain record-keeping tasks.
What data is not protected by GDPR?
Here are some examples: Domestic purposes – personal data processed in the course of a purely personal or household activity, with no connection to a professional or commercial activity, is outside the UK GDPR's scope.
What are the 7 main principles of GDPR?
Lawfulness, fairness, and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability.
What are the 7 data subject rights under GDPR?
The GDPR has a chapter on the rights of data subjects (individuals) which includes the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and the right not to be subject to a decision based solely on automated ...
What are the 6 legal bases of GDPR?
Article 6 of the General Data Protection Regulation (GDPR) sets out what these potential legal bases are, namely: consent; contract; legal obligation; vital interests; public task; or legitimate interests.
What are the 4 pillars of GDPR?
The GDPR enforces four important principles that organizations must adhere to when handling personal data: lawfulness, fairness, and transparency; purpose limitation; data minimization; and accuracy and storage limitation.
What are the 10 key requirements of GDPR?
- 10 key GDPR requirements. ...
- Lawful, fair, and transparent processing. ...
- Purpose, data, and storage limitation. ...
- Data accuracy and security. ...
- Data Protection Impact Assessments (DPIAs) ...
- Privacy by design and default. ...
- Controller–Processor contracts (Article 28) ...
- Data subject rights enablement.
What is protected under GDPR?
GDPR Personal Data
The General Data Protection Regulation applies only if the processing of data concerns personal data. The term is defined in Art. 4 (1). Personal data is any information that relates to an identified or identifiable natural person.
Which of the following is not a principle under data privacy?
Answer: Data utility. Explanation: Transparency, Accountability, and Storage Limitation are principles under Data Privacy. Data utility is not typically considered a principle under Data Privacy.
What constitutes a breach of GDPR?
In short, a personal data breach is a security incident that negatively impacts the confidentiality, integrity, or availability of personal data; meaning that the controller is unable to ensure compliance with the principles relating to the processing of personal data as outlined in Article 5 GDPR.
What are the 7 golden rules of data protection?
The principles are: Lawfulness, Fairness, and Transparency; Purpose Limitation; Data Minimisation; Accuracy; Storage Limitations; Integrity and Confidentiality; and Accountability.
What are the exemptions to GDPR?
Key GDPR exemptions relate to: special purposes (archiving, research, statistics), household and personal use, law enforcement and crime prevention, and national and public security. Even if an exemption applies, organizations must generally still uphold the core GDPR principles.
What are four characteristics of the GDPR?
What are the main aspects of the General Data Protection Regulation (GDPR) that a public administration should be aware of?
- fair and lawful processing;
- purpose limitation;
- data minimisation and data retention.
What is not a personal data in GDPR?
In terms of origin, non-personal data can be data which never related to natural persons (such as data on weather or supply chains), or data which was initially personal data but has been anonymised (through the use of certain techniques to ensure that the individuals to whom the data relates cannot be identified).
Which of the following is not considered personal data under the GDPR?
The following is not considered personal data under GDPR: Data related to the deceased. Inaccurate data that can't be identified to an individual. Information about legal entities.
What is considered non-personal data?
Non-personally identifiable information (non-PII) is data that cannot be used on its own to trace or identify a person. Examples of non-PII include, but are not limited to: Aggregated statistics on the use of a product/service. Partially or fully masked IP addresses.
Which is not a GDPR principle?
The option that is NOT a GDPR data protection principle is D. Sharing limitation. GDPR includes principles like purpose limitation, data minimisation, and storage limitation but does not classify sharing as a separate principle.
Which of the following is not a personal information?
Organization's attrition rate: This is statistical data about an organization, not about an individual. Therefore, it is not personal information.
What are the four privacy principles?
Give individuals choices as to how they want or don't want their data to be used. Allow individuals to have their data deleted or corrected. Be prepared to give individuals access to a copy of their data if they ask for it. Take reasonable and appropriate steps to secure personal data.
What is not protected under the GDPR?
The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.
Is email considered personal data under GDPR?
Yes, email addresses are personal data. According to data protection laws such as the GDPR and the CCPA, email addresses are personally identifiable information (PII).
What are 5 examples of personal data?
What is personal data?
- a name and surname.
- a home address.
- an email address such as 'name.surname@company.com'
- an Internet Protocol (IP) address.
- an identification card number.
- a cookie ID.
- the advertising identifier of your phone.
- data held by a hospital or doctor, which could be a symbol that uniquely identifies a person.
What are the 7 principles of GDPR?
The UK GDPR sets out seven key principles:
- Lawfulness, fairness and transparency.
- Purpose limitation.
- Data minimisation.
- Accuracy.
- Storage limitation.
- Integrity and confidentiality (security)
- Accountability.
What are the 6 lawful bases of GDPR?
What are the lawful bases for processing? The lawful bases for processing are set out in Article 6 of the UK GDPR. At least one of these must apply whenever you process personal data: (a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
What are the 4 elements of data security?
The four components - Confidentiality, Integrity, Authenticity, and Availability - ensure that data remains private, accurate, verified, and accessible at all times.