In this video, Mandy Huth outlines the lawful basis for processing data under GDPR. Learn what lawful basis is and what scenarios are covered under this component of GDPR regulation.
- [Instructor] Understanding an organization's basis for gathering and processing data will help identify its lawfulness. It's important to start with the definition of basis. Basis is the underlying support or foundation of a thing. I think of it as a house. You have a foundation, and then you build on top of it. How then does this apply to GDPR? Lawful basis is a reason for processing data that's justified in law. It's not a law in and of itself but is justified by the law in place.
Again, a house needs a foundation before walls, and eventually it will need inspection. GDPR is the same. It is the foundation or the reason we use data. And just like inspection, it has law behind it to ensure it meets minimum standards. There are six bases for processing data under GDPR. Let's walk through them. The first is consent. Consent is voluntary and can be revoked at any time by the data subject.
Next is contractual necessity, whereby an organization is performing processing to fulfill a contractual obligation to another organization. Third is legal obligations that occur under European Union law. Note that this is specific to EU member states only, not outside of those countries. The next basis is to protect vital interest. I think of this like a psychiatrist. Your data is private unless you are doing harm to yourself or to others.
Legitimate interest is next. This will be a compelling reason for businesses that work with one another and have to transfer data between each other. Finally, there is public interest. When thinking of a compelling ground that overrides the freedoms of a data subject, I think of things like the CDC, the Center for Disease Control. If there's a pandemic and the CDC is gathering data about that pandemic and where it may go, those types of data gathering activities certainly outweigh the freedom of individual data subjects for the greater good.
There are six bases for processing data. Knowing them ensures an organization is behaving in a lawful fashion.
DISCLAIMER: Neither LinkedIn nor the instructor represents you, and they are not giving legal advice. The information conveyed through this course is not intended to give legal advice, but instead to communicate information to help viewers understand the basics of the topic presented. Certain concepts may not apply in all countries. The views (and legal interpretations) presented in this course do not necessarily represent the views of LinkedIn or Lynda.com.
- Compliance deadlines and penalties
- Data controllers and data processors under GDPR
- Exploring the role of the data protection office
- Technical measures outlined in the GDPR
- Reviewing the right to be forgotten and the situations that allow erasure
- Rules for children under the age of 16
- Breach notification