That's not true unfortunately. It has a blanket exception for anything remotely government related (meaning government itself and anyone the government authorizes), and in fact guarantees far more and wider access to your most sensitive data, not less. And it allows the government to authorize whoever they please to not just keep more data about you, tighter and more closely linked together, but to keep this from you, and to prevent you from doing anything about it. Which, since the process now exists, they have prodigiously used.
Insurance? Private doctor? Youth services? Family (or any other) court? Pharmacy (in most of Europe)? Police (even in the most trivial of cases, and without judicial approval, and of course without verification or recourse)
Worse than that: the exception goes further than merely keeping data as well. Insurance company wants to change/add to your medical record? Immediately? Doctor? Court? Police? All can change your medical file, both adding and deleting (sometimes limited to what they added themselves). YOU want to change it? Not possible!
Weird since insurance company access to your data, and "the right to be forgotten" was one of the main selling points of this legislation, but since insurance companies are semi-government in almost all of Europe these days, a lot of them fall into the blanket exception.
And of course, you yourself ... cannot access this data. You cannot see it (sorry "you can, unless there's a reason not to let you see it", wanna bet there's always a reason?). For particular parts (espectially names, for example which doctor put something there about you are kept secret from you). Thankfully these institutions hate eachother, so there is some protection left because if anyone wants this data, they have to file requests in 5 different places. But there is no more legal protection against this happening.
It is now far easier, in the Netherlands, to get a serious crime stricken off your judicial record than, say, getting a doctor or pharmacist's claim that you falsely came in for a heart problem out of your medical file, say to threaten or attack them for painkillers, or even just getting the name of which doctor put that there (and of course such misleading information can kill you if you ever really do have a heart problem, and god help you if you need pain killers or ...)
GPDR protects you from Amazon offering you gift ideas for your kids' birthday if you object to that. You want a mental health stay 40 years ago to not be used in a family court case against you? THAT it makes MUCH easier. Faking such a thing and using it in a court case against you, that, too, it makes a lot easier.
I've never heard this criticism of GDPR before, and a couple of cursory Google searches didn't yield anything supporting what you're claiming. Do you have a source for that?
Like everywhere else, medical and "social work" data (and keep in mind that both the medical and social workers can lock people up for extended periods of time, even in isolation. Extended means decades, even until death, and that under circumstances that are justified using records on which that applies. You can't access, remove or change that data, but it can (and is in practice) used to lock you away legally indefinitely)
Insurance:
https://ico.org.uk/for-organisations/guide-to-data-protectio... (NHS is the insurer in Scotland. Essentially, ANY data that can be used for legal purposes (whether to sue you or to defend itself or any decision it made) is exempt from GPDR. No matter how personal the data. Technically this may even cover publishing such data.
I realize this is for one specific part of Europe, but there are analogues everywhere. And, frankly, look at the size of that list. It's only the beginning, on the left, click open, "right to X" and there's yet another list of exemptions.
Insurance? Private doctor? Youth services? Family (or any other) court? Pharmacy (in most of Europe)? Police (even in the most trivial of cases, and without judicial approval, and of course without verification or recourse)
Worse than that: the exception goes further than merely keeping data as well. Insurance company wants to change/add to your medical record? Immediately? Doctor? Court? Police? All can change your medical file, both adding and deleting (sometimes limited to what they added themselves). YOU want to change it? Not possible!
Weird since insurance company access to your data, and "the right to be forgotten" was one of the main selling points of this legislation, but since insurance companies are semi-government in almost all of Europe these days, a lot of them fall into the blanket exception.
And of course, you yourself ... cannot access this data. You cannot see it (sorry "you can, unless there's a reason not to let you see it", wanna bet there's always a reason?). For particular parts (espectially names, for example which doctor put something there about you are kept secret from you). Thankfully these institutions hate eachother, so there is some protection left because if anyone wants this data, they have to file requests in 5 different places. But there is no more legal protection against this happening.
It is now far easier, in the Netherlands, to get a serious crime stricken off your judicial record than, say, getting a doctor or pharmacist's claim that you falsely came in for a heart problem out of your medical file, say to threaten or attack them for painkillers, or even just getting the name of which doctor put that there (and of course such misleading information can kill you if you ever really do have a heart problem, and god help you if you need pain killers or ...)
GPDR protects you from Amazon offering you gift ideas for your kids' birthday if you object to that. You want a mental health stay 40 years ago to not be used in a family court case against you? THAT it makes MUCH easier. Faking such a thing and using it in a court case against you, that, too, it makes a lot easier.