GDPR doesn’t cover data processing that is purely personal or household-related and not connected to professional or commercial activities. It does not apply to entities processing data solely for national security or criminal law enforcement purposes, as these areas fall under different regulations.
GDPR also does not cover data processing outside the EUs boundaries unless it includes offering goods or services to or monitoring the behavior of, EU residents. This helps ensure that the GDPRs jurisdiction is suitably restricted while maintaining safeguards, within its boundaries.