Legal Bases
If you have a simple website with a separate contact form, you already collect personal data. Since the introduction of the GDPR, collecting personal data means that you have to meet various legal requirements. For example, under the GDPR you must have a legal basis to collect the data.
In this article, we’ll tell you more about these legal bases.
Legal Basis
Permission or consent
Definition:
The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
Example:
The most obvious example is the cookie banner, where consent is needed not only to set but also to read specific cookies. Another example is a contact form, where consent is needed to collect information that is not directly relevant to the service or agreement.
Source:
Article 6.1 a GDPR
Legal Basis
Performance of a contract
Definition:
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
Example:
You have bought some clothing items in a webshop. To be able to send the items to you, the webshop has to process your delivery address and make it available to the postal service so that the goods get delivered.
Source:
Article 6.1 b GDPR
Legal Basis
Legal obligation
Definition:
Processing is necessary for compliance with a legal obligation to which the controller is subject;
Example:
You offer cryptocurrency to customers and according to your national law you have to check and store a copy of the passport in your archive.
Source:
Article 6.1 c GDPR
Legal Basis
Vital interest
Definition:
Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
Example:
The personal data needs to be processed in order to save someone's life. This legal basis usually applies to medical information that is needed in unforeseen situations.
Source:
Article 6.1 d GDPR
Legal Basis
Public interest
Definition:
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
Example:
Storing information about driver licenses.
Source:
Article 6.1 e GDPR
Legal Basis
Legitimate Interest
Definition:
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Example:
There are three elements to the legitimate interests basis. Before you use this legal basis, you need to:
- identify a legitimate interest, which can be your own (commercial) interest or the interest of a third party;
- show that the processing is necessary to achieve it; and
- balance it against the individual’s interests, rights and freedoms.
Source:
Article 6.1 f GDPR