Under the GDPR, there must be a lawful basis for processing of personal data. Controllers and processors should understand under which basis they are processing information. The available options are:
Consent – Processing may take place if an individual has given their consent
Contractual necessity – Processing can take place to enter or fullfill a contract
Compliance with legal obligations – Processing may necessary to meet a legal obligation
Vital interests – Processing may be neccesary to protect the “vital interests” of the individual (think “life‑or-death” situation).
Public interest – Processing by a public authority or private organisation acting in the public interest.
Legitimate interests – Processing to meet a legitimate interest providing it is not overridden by the rights or freedoms of the affected data subjects.« Back to Glossary Index