Guidance on Legal Bases for Processing Personal Data One of the first questions which organisations involved in processing personal data (‘controllers’) should ask themselves before undertaking the processing is “What is my reason or justification for processing this personal data?” This is of key importance because any processing of personal data is only lawful where it has what is known as a ‘legal basis’. Article 6 of the General Data Protection Regulation (GDPR) sets out what these potential legal bases are, namely: consent; contract; legal obligation; vital interests; public task; or legitimate interests. The aim of this guidance is primarily to assist controllers in identifying the correct legal basis for any processing of personal data which they undertake or plan to undertake – and the obligations which go with that legal basis. Additionally, this guidance should assist those individuals whose personal data may be processed (‘data subjects’) in identifying whether the processing of their personal data is lawful, and, as part of that, what the legal basis for that processing may be. GDPR Fundamentals: Legal Basis For Processing Data
August 23, 2018/ Mark Hinely GDPR requires any organization processing personal data to have a valid legal basis for that processing activity. The law provides six legal bases for processing: consent, performance of a contract, a legitimate interest, a vital interest, a legal requirement, and a public interest. 6 Legal Bases for Processing Personal Data One of the seven major data processing principles of GDPR is to ensure that personal data is processed lawfully, fairly, and transparently. To comply this principle, Chapter 6 of the GDPR requires any organization processing personal data to have a valid legal basis for that personal data processing activity. Think of these as scenarios in which it would be lawful to process data. GDPR provides six legal bases for processing:
|
AuthorI am an innovator. Archives
August 2022
Categories
All
|