The 6 Lawful Bases for Processing Data Under GDPR

The 6 Lawful Bases for Processing Data Under GDPR

GDPR has changed the way everyone is required to treat personal data, but the law is actually a lot more supple than many may realise. (The regulation is back in the spotlight following Google’s decision to move UK user data to the US, instead of processing it in Ireland, although the company claims no GDPR […]

GDPR has changed the way everyone is required to treat personal data, but the law is actually a lot more supple than many may realise. (The regulation is back in the spotlight following Google’s decision to move UK user data to the US, instead of processing it in Ireland, although the company claims no GDPR connection).

Under GDPR there are essentially six lawful bases for processing data.

1: Consent

This is the cleanest cut of the six: consent is used when an individual has given their clear affirmation to the processing of their data. For the individual what is being asked must be easily understood and separated from other legal terms and conditions documents.

However, in practice it is one of the more difficult to manage: businesses need to establish a clear process that asks and records someone’s consent.

Leave a Reply

Your email address will not be published. Required fields are marked *