The data subject has given consent.
It is necessary to process personal data in order to meet the obligations of a contract of which the data subject is party.
There is a legal obligation to process personal data, e.g. this can be beyond the original purpose and/or legal basis used on collection. An example is that tax laws will normally require that organisations keep financial data for 7 - 10 years.
This is used when the data subject is unable -in most cases- to give consent, e.g. they are unconscious follow a traffic accident. The doctor will need to save their life and to do this processing of sensitive personal data is required.
e) Public interest
This is as stated in the interest of public safety and general functioning of public services, such social services, etc.
|f) Legitimate interest|
The organisation has a legitimate business interest to collect/process personal data, but this must not outweigh the rights and freedoms of the data subject.