Legal Basis

Under the GDPR, there must be a lawful basis for processing of personal data. Controllers and processors should understand under which basis they are processing information. The available options are:

Consent – Processing may take place if an individual has given their consent

Contractual necessity – Processing can take place to enter or fullfill a contract

Compliance with legal obligations – Processing may necessary to meet a legal obligation

Vital interests – Processing may be neccesary to protect the “vital interests” of the individual (think “life‑or-death” situation).

Public interest – Processing by a public authority or private organisation acting in the public interest.

Legitimate interests – Processing to meet a legitimate interest providing it is not overridden by the rights or freedoms of the affected data subjects.

« Back to Glossary Index