Lawful Basis for Processing
Unlock This Video Now for FREE
This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.
Lawful Bases for Data Processing under GDPR
Introduction
Under the General Data Protection Regulations (GDPR), organisations must identify lawful bases for data processing.
Importance of Lawful Bases
Requirement: All organisations must identify lawful bases to process data.
Consequence: Without a lawful basis, data cannot be processed lawfully.
Inclusion: Lawful bases should be stated in the organisation's privacy policy.
Six Lawful Bases
- Consent: Individuals have control over their data and can withdraw consent at any time.
- Contract: Data processing is limited to fulfilling contractual obligations.
- Legal Obligation: Data processing is necessary to comply with the law.
- Vital Interest: Processing is necessary to protect someone's life.
- Public Task: Processing is carried out in the public interest by public authorities.
- Legitimate Interest: Flexible basis but must balance interests and privacy risks.
Elaboration on Lawful Bases
Consent
Allows individuals control over their data; can withdraw consent at any time.
Contract
Data processing is limited to fulfilling contractual obligations.
Legal Obligation
Necessary processing to comply with legal requirements.
Vital Interest
Processing necessary to protect lives, especially in health-related cases.
Public Task
Processing carried out by public authorities in the public interest.
Legitimate Interest
Flexible basis requiring balance between interests and privacy risks.
Organisations must conduct legitimate interest assessments and document decisions.