Article 2 GDPR (Material Scope)
Understanding Article 2 of GDPR
Processing of personal data
What activities are governed by GDPR?
Article 2 of GDPR provides the material scope in the application of the regulation.
The GDPR regulation will apply to all processing activities of personal data.
The processing can be:
- Wholly automated
- Partly automated
- Other than by automated means
For example, if personal data forms part of a filing system, that’s considered to be the processing of personal data.
Non-application of GDPR
There are instances when personal data may be handled or processed but GDPR will not apply.
In what case will GDPR not apply?
Article 2 of GDPR outlines that the regulation will not apply to the following scenarios when personal data is used:
- Processing activities outside of the scope of the European Union law
- Activities of Member States falling within the scope of the Treaty of European Union
- A person using personal data purely for personal reasons or for the needs of their household
- By the authorities to prevent and prosecute crimes and for the protection of public security
Processing of data by Europen Union institutions
As it relates to the processing of personal data with respect to Union institutions, bodies, offices and agencies, the Regulation (EC) No 45/2001 apply but their obligations must be adapted to the principles of GDPR.
Directive on electronic commerce
GDPR does not affect the application of Directive 2000/31/EC relating to electronic commerce except for the liability aspect.
Recitals applicable to Article 2 of GDPR
The following recitals are useful for a more in-depth understanding of Article 2 of GDPR:
Recitals: 13, 14, 15, 16, 17, 18, 19, 20, 21, 27
GDPR Regulation article-by-article overview
Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.
GDPR Text: Article 2 of GDPR and relevant recitals
GDPR Text Source: EUR-Lex
Official GDPR Text: General Data Protection Regulation
Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)