The General Data Protection Regulation is the central legal standard for the processing of personal data. However, when it comes to its application, one key step is often ignored: Which types of data processing are subject to the General Data Protection Regulation at all?
The household exemption
Article 2 defines the material scope of application of the General Data Protection Regulation. According to the principle of Art. 2 (1) GDPR, the GDPR applies to the wholly or partially automated processing of personal data and to certain non-automated data processing operations.
However, the following paragraphs of Art. 2 define some exceptions to this principle. One reason for not having to comply with the numerous requirements of the GDPR is the so-called household exemption in Art. 2(2)(c) GDPR. According to this provision, data processing operations carried out by natural persons in the course of exclusively personal or family activities are not subject to the GDPR.
In contrast, economic activities, regardless of their nature, are not covered by the household exemption of Art. 2(2)(c) GDPR. The same applies to data processing operations that do not serve economic purposes but can no longer be assigned to the purely private sphere of the data user.
Distinguishing private from non-private activity, and thus deciding whether the General Data Protection Regulation applies, requires an overall assessment of the data processing, with particular regard to the purpose of the processing and the local and social characteristics of the processing situation.
Data processing without specifications?
If the General Data Protection Regulation is not applicable to a specific form of data processing, this does not mean that no legal requirements apply to this use of personal data. Rather, the personal rights of the data subjects, which are in part substantiated by civil and criminal laws, must be observed here as well.
Applicability of the household exemption in the operational context?
The question now arises as to what extent the household exemption is relevant in the operational context. Based on what has been said so far, it can be assumed that operational data processing operations do not fall under the household exemption and therefore have to comply with the requirements of the GDPR.
However, the question also has to be asked from the opposite direction. Because the household exemption in Art. 2(2)(c) GDPR is to be interpreted so narrowly, more types of data use are covered by the provisions of the GDPR than is generally assumed. This applies in particular to processing activities which, although carried out for private interests, nevertheless have points of contact with the business sphere. It is sufficient, for example, if contact data is used for both business and private purposes.
We will be happy to support you with any questions you may have about data protection. Simply call us at our headquarters in Hutthurm at +49 (0) 8505 91927 – 0 or at our branch office in Munich at +49 (0) 89 413 2943 – 0 or use our contact form.
Nadja-Maria Becke heads our in-house legal team. She studied law at the University of Passau, followed by a legal clerkship and the first and second state examinations. Her specialty is data protection law. She keeps her in-depth knowledge up to date at all times. As a result, she always has advice ready for a tailored solution for our clients and our team.