Get Free Downloads
Start your GDPR today in just a few clicks
      
Get Free Downloads
Start your GDPR today in just a few clicks

What Is Your GDPR Lawful Basis?

Tagged with GDPR HELP, GDPR ADVICE, LAWFUl BASIS, GDPR
by Adam Brogden
in Blog

05-Jul-2019 12:14

Probably the most fundamental part of GDPR is that you must have a lawful basis to process personal data. This is a strange term but is simply means that you need to have an appropriate reason to collect, process, store, buy, sell, or otherwise use personal data.

The GDPR defines six options that will be considered reasonable – as an organisation you must ensure you understand which applies best to you and ensure that this is communicated to your data subjects. Take a look at the following info from the ICO and if you have any questions about how this applies to you just give the Optindigo team a call on: 01772 217772

From the ICO --------------------------------

Lawful Basis at a Glance

  • You must have a valid lawful basis in order to process personal data.

  • There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.

  • Most lawful bases require that processing is ‘necessary’ for a specific purpose. If you can reasonably achieve the same purpose without the processing, you won’t have a lawful basis.

  • You must determine your lawful basis before you begin processing, and you should document it.

  • Take care to get it right first time - you should not swap to a different lawful basis at a later date without good reason. In particular, you cannot usually swap from consent to a different basis.

  • Your privacy notice should include your lawful basis for processing as well as the purpose of the processing.

  • If your purposes change, you may be able to continue processing under the original lawful basis if your new purpose is compatible with your initial purpose (unless your original lawful basis was consent).

  • If you are processing special category data you need to identify both a lawful basis for general processing and an additional condition for processing this type of data.

  • If you are processing criminal conviction data or data about offences you need to identify both a lawful basis for general processing and an additional condition for processing this type of data.

Checklist

  • We have reviewed the purposes of our processing activities, and selected the most appropriate lawful basis (or bases) for each activity.

  • We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.

  • We have documented our decision on which lawful basis applies to help us demonstrate compliance.

  • We have included information about both the purposes of the processing and the lawful basis for the processing in our privacy notice.

  • Where we process special category data, we have also identified a condition for processing special category data, and have documented this.

  • Where we process criminal offence data, we have also identified a condition for processing this data, and have documented this.

Hope this helps. Contact us anytime if you need help

Good luck all.