OneTrust GDPR Deep Dive Series Chapter 9: Provisions Relating to Specific Processing Situations

Chapter 9 of the General Data Protection Regulation (GDPR) cover a set of derogations and exemptions for specific types of processing. It includes requirements on the processing of employee data, use for journalistic and academic purposes, public access to official documents, and scientific and historical research, to name a few.

Freedom of Expression and Information

Article 85 requires that Member States, when implementing the Regulation at the national level, provide exemptions to “reconcile the right to protection of personal data… with the right to freedom of expression and information.” This allows for data processing on specific data for certain purposes to protect journalistic, academic, artistic, and literary expression.

Public Access to Official Documents

This provision allows for personal information in official documents to be disclosed, but that is not without limit. Public sector data re-use does not change authorities’ obligations or individual rights.

National Identification Numbers

Article 87 recognizes Member States’ rights to process national IDs, but requires appropriate safeguards to be in place.

Employee Data

This provision gives Member States the right to create stricter or more specific rules in employee data processing covering the employment lifecycle from recruiting to termination. Additionally, it requires outlining when consent is needed in certain instances.

Scientific, Historical, and Statistical Purposes

Article 89 outlines under what circumstances and how controllers can process data for scientific, historical, or statistical reasons, given that safeguards are in place when doing so. It also states that if anonymisation is not possible in conducting this kind of research, then pseudonymisation is required.

Churches and Religious Associations

The GDPR further entrenches and protects existing comprehensive rules for churches, religious associations, and protected communities.

Chapter 9 Articles & Descriptions

Article 85: Processing and freedom of expression and information
Article 86: Processing and public access to official documents
Article 87: Processing of the national identification number
Article 88: Processing in the context of employment
Article 89: Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Article 90: Obligations of secrecy
Article 91: Existing data protection rules of churches and religious associations

GDPR will come into effect on May 25, 2018, and OneTrust believes that every global organization should start considering how to best implement efficient and effective data-handling practices that are replicable and consistent. The GDPR Deep Dive Series delves into each chapter of the GDPR to summarize key takeaways of the new governance in an easy-to-digest format. It is intended to help privacy executives with implementation and operationalization of GDPR regulations, and will be published bi-weekly on our blog.