The recent case involving the Jehovah’s Witnesses and data privacy in the UK raised some very interesting legal issues. It also demonstrated just how broad the reach of GDPR could be. In this podcast Jonathan Armstrong and I unpack the case, detailing the underlying facts, the Court’s rationale behind its decision and conclude with some of the implications for not only corporations but also individuals and data privacy practitioners. Some of the highlights are:

  1. Religious communities subject to GDPR;
  2. Individual persons can be data controllers as well as their parent organization, even if they do not exercise control;
  3. Data protection and data privacy laws apply to hard copies; and
  4. The domestic purpose exception is to be narrowly applied.