Every data processing activity must have a valid legal basis. Understanding this is key to compliance.
1. Consent
Freely given, specific, informed, and unambiguous.
2. Contractual Necessity
Processing necessary to fulfill a contract with the data subject.
3. Legal Obligation
Required to comply with a law or regulation.
4. Vital Interests
Processing necessary to protect someone’s life.
5. Public Task
Processing necessary to perform a task carried out in the public interest.
6. Legitimate Interests
Processing necessary for the organization’s legitimate interests, balanced against data subject rights.
Practical Application
Identify the purpose of processing
Document the chosen basis
Review regularly to ensure ongoing compliance
Conclusion
Selecting and documenting the correct lawful basis ensures GDPR compliance and reduces legal risk.
For guidance on determining lawful bases for your business processing activities, contact Lazarevska Law Firm | Biljana Lazarevska.