Term: Legal Basis

“Legal basis” refers to a lawful reason or justification for processing someone’s personal data. Organizations must have a valid legal basis for processing personal data, such as a person’s consent or a legal obligation, in order to comply with data protection laws.

What is Legal Basis?

Legal basis is mentioned under Art. 6 of the GDPR.
The list of legal bases for processing personal data is closed, meaning every processing operation must rely on at least one of the following:

  1. The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. Processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

How to Determine if the Processing of Your Personal Data is Lawful

Identifying whether your personal data is being processed lawfully involves a few key steps. Here’s a concise guide to help you navigate this:

  1. Understand the Privacy Policies: Start by examining the privacy policies of the organizations that handle your data. These documents should outline how your data is used, stored, and shared. They will also state whether the organization has acquired your explicit consent, which is a crucial legal basis for processing personal data.
  2. Know Your Rights: Familiarize yourself with your rights under data protection laws such as the General Data Protection Regulation (GDPR) in Europe or the California Consumer Privacy Act (CCPA) in the USA. These laws empower you to access, correct, or delete your data and to be informed about how it is processed.
  3. Check for Legal Grounds: There are several legal grounds on which data can be processed, including consent, contract necessity, legal obligation, vital interests, public task, and legitimate interests. Ensure that the processing of your data falls under one of these categories.
  4. Request Information: You can ask the organization for information about the data they have about you and the legal basis for processing it. Most regulations require companies to provide this information, often within a specified timeframe.
  5. Consult a Professional: If you’re unsure or suspect unlawful processing, consider consulting a legal professional specializing in data protection. They can provide tailored advice based on your specific situation.

By following these steps, you can better understand the legality of how your personal data is processed and take control over your information.
