What is a legal basis?

What is a legal basis?

There are 6 ways to process personal data as stipulated in the GDPR in Article 6.

Article 6 of the GDPR states that if the collection and/or usage of personal data is not following one of the legal rules (GDPR, Article 6) listed below, then whatever the organisation is doing is illegal.
The data subject has given consent.
b) Contract
It is necessary to process personal data in order to meet the obligations of a contract of which the data subject is party.
There is a legal obligation to process personal data, e.g. this can be beyond the original purpose and/or legal basis used on collection. An example is that tax laws will normally require that organisations keep financial data for 7 - 10 years.
This is used when the data subject is unable -in most cases- to give consent, e.g. they are unconscious follow a traffic accident. The doctor will need to save their life and to do this processing of sensitive personal data is required.
e) Public interest
This is as stated in the interest of public safety and general functioning of public services, such social services, etc.
f) Legitimate interest
The organisation has a legitimate business interest to collect/process personal data, but this must not outweigh the rights and freedoms of the data subject.

    • Related Articles

    • What makes consent legal?

      Making GDPR compliance easy with Privasee · What is consent? What makes consent legal under GDPR? In order for consent to be legal it must be:  informed consent that is data subject must know what they are consenting to. It must be freely-given in ...
    • What does having a legal obligation mean?

      Making GDPR compliance easy with Privasee · Article 6c, legal obligation Article 6c, legal obligation. Processing is necessary for compliance with a legal obligation to which the controller is subject. Now, let's take this book you purchased on the ...
    • There is a vital interest for the collection and processing

      Making GDPR compliance easy with Privasee · There is a vital interest for collection and processing Article 6d, vital interest. Processing is necessary in order to protect the vital interests of the data subject or of another natural person. This is ...
    • What is consent?

      Making GDPR compliance easy with Privasee · Consent Types In order for consent to be legal it either needs to be unambiguous consent or explicit consent.  Unambiguous consent is defined in the GDPR as similar to implicit consent but strengthened by a ...
    • What does it mean that we have 72 hours to report a breach?

      When you are data controllerFrom the moment a personal data breach has been confirmed, your organisation has 72 hours to decide (and report) if it presents a high risk of harm to the rights and freedoms of an individual and if so it must be reported ...