Want to watch this video? Sign up for the course here. Or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.

Sign Up

Lawful Bases for Data Processing under GDPR

Introduction

Under the General Data Protection Regulations (GDPR), organisations must identify lawful bases for data processing.

Importance of Lawful Bases

Requirement: All organisations must identify lawful bases to process data.

Consequence: Without a lawful basis, data cannot be processed lawfully.

Inclusion: Lawful bases should be stated in the organisation's privacy policy.

Six Lawful Bases

Consent: Individuals have control over their data and can withdraw consent at any time.
Contract: Data processing is limited to fulfilling contractual obligations.
Legal Obligation: Data processing is necessary to comply with the law.
Vital Interest: Processing is necessary to protect someone's life.
Public Task: Processing is carried out in the public interest by public authorities.
Legitimate Interest: Flexible basis but must balance interests and privacy risks.

Elaboration on Lawful Bases

Consent

Allows individuals control over their data; can withdraw consent at any time.

Contract

Data processing is limited to fulfilling contractual obligations.

Legal Obligation

Necessary processing to comply with legal requirements.

Vital Interest

Processing necessary to protect lives, especially in health-related cases.

Public Task

Processing carried out by public authorities in the public interest.

Legitimate Interest

Flexible basis requiring balance between interests and privacy risks.

Organisations must conduct legitimate interest assessments and document decisions.