The protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and the free movement of such data, is the subject of a specific Union legal act. This Regulation should not, therefore, apply to processing activities for those purposes. However, personal data processed by public authorities under this Regulation should, when used for those purposes, be governed by a more specific Union legal act, namely Directive (EU) 2016/680 of the European Parliament and of the Council(7). Member States may entrust competent authorities within the meaning of Directive (EU) 2016/680 with tasks which are not necessarily carried out for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and prevention of threats to public security, so that the processing of personal data for those other purposes, in so far as it is within the scope of Union law, falls within the scope of this Regulation.
GDPR Recital EN
Recital 19
Related across sources
Guidance Version history Guidance Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement Guidance Guidelines 9/2022 on personal data breach notification under GDPR Guidance Guidelines 02/2024 on Article 48 GDPR Guidance Guidelines 10/2020 on restrictions under Article 23 GDPR Guidance Guidelines 04/2022 on the calculation of administrative fines under the GDPR