GDPR - Lawful Basis for Processing

| Author: Secretariat | Filed under: Good Practice Policies
GDPR - Lawful Basis for Processing

Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law.

If the controller does not have a lawful basis for a given data processing activity (and no exemption or derogation applies) then that activity is prima facie unlawful.

What should organisations do to prepare?

Having a lawful basis for each processing activity is critical to an organisation's ability to comply with EU data protection law. Therefore, organisations should:

• review all of their data processing activities;

• ensure that they have a lawful basis for each processing activity (or an exemption or derogation applies);

• where consent is the basis for processing, review existing mechanisms for obtaining consent, to ensure that they meet the GDPR's standards; and

• where a legitimate interest is the basis for processing, maintain records of the organisation's assessment of that legitimate interest, to show that the organisation properly considered the rights of data subjects.

Click here - For full article including helpful analysis of the impact of GDPR.

Source: White & Case GDPR Handbook - Unlocking the EU General Data Protection Regulation

Endorsed by the Law Society

The ABI is the only association in this industry to be endorsed by the Law Society of England and Wales, and included in the Law Society of Scotland's approved Supplier Scheme.

The highest independent professional bodies for solicitors put their trust in us. We’re confident you can do the same.

Law Society logo
Scotland Law Society logo