Legal basis for processing

The legal basis for processing is a fundamental concept in the General Data Protection Regulation (GDPR). The GDPR stipulates that every personal data processing activity must have a legal justification, known as a legal basis, which legitimizes the processing. The legal basis is essentially the reason why it is permissible to process an individual’s personal data. Without an adequate legal basis, any data processing activity is considered unlawful.

The six legal bases provided by Article 6 of the GDPR are:

  1. Consent of the data subject: Processing is lawful if the data subject has given consent that is freely given, specific, informed and unambiguous. Consent must be documented and can be withdrawn at any time.
  2. Performance of a contract: Processing is necessary for the performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the data subject.
  3. Legal obligation: Processing is necessary for compliance with a legal obligation to which the data controller is subject, such as tax or workplace safety obligations.
  4. Vital interests of the data subject or another person: Processing is necessary to protect the vital interests of the data subject or another individual, for example, in health emergency situations.
  5. Public interest or exercise of official authority: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  6. Legitimate interest of the controller or third parties: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by third parties, provided that those interests are not overridden by the fundamental rights and freedoms of the data subject. This legal basis requires a careful and documented evaluation of the risks and benefits, known as a Legitimate Interest Assessment (LIA).

Practical examples of legal bases for processing

  • Consent: Subscribing to a newsletter requires the user’s consent, allowing them to freely choose whether to receive promotional communications.
  • Performance of a contract: When a customer purchases a product online, the personal data necessary for delivery and billing are processed based on the performance of the contract.
  • Legal obligation: Retaining employee data to comply with tax obligations is an example of processing based on a legal obligation.

Trust Guardian’s approach to the legal basis for processing

Trust Guardian stands out by allowing companies to manage all six legal bases provided by the GDPR, tracking proofs of genuineness, privacy notice acknowledgments, and monitoring the entire lifecycle of every purpose. The platform also ensures the proper management of data retention for each legal basis, guaranteeing that data is processed only as long as a legitimate basis exists, whether for contractual purposes, legitimate interests, legal obligations, or other purposes not based on consent.
