Lawful basis for processing
To remember
The lawful basis for processing is what legally authorizes it, i.e. what gives an organization the right to process personal data.
To be lawful, a processing operation must be based on at least one of the 6 bases described by the GDPR.
Legal obligation
Processing is necessary to comply with a legal obligation that the data controller must respect. This obligation must be laid down in a text of EU law or the law of a member state.
It may concern processing carried out by both private and public bodies.
For example, tax declarations or recruitment (the employee must provide his or her social security number).
Contract
Processing is necessary for the performance of a contract to which the data subject is a party, or for the performance of pre-contractual measures taken at the data subject's request.
Example: delivery, quotation.
Public task
Processing is necessary for the exercise of official authority.
Examples: school enrolment management, sports and cultural subsidies, crisis communications, etc.
Legitimate interest
This basis concerns the pursuit of legitimate interests by the controller.
Processing must be based on a balance between the interests of the controller and the rights and interests of the data subject.
Processing must be necessary to achieve a specific purpose. In this sense, it is the least intrusive lawful basis.
This lawful basis cannot be invoked by public organizations as part of their mission.
Examples: video surveillance in a company, communication with members of an association, etc.
Consent
In this case, processing is lawful when the consent of the data subject has been obtained.
This means that you have to ask people for their authorization before processing their personal data.
Consent is not always necessary. This lawful basis is used only if one of the other legal bases does not apply.
Vital interests
Processing is necessary to safeguard the vital interests of the data subject or another natural person.
This basis can only be used when it is impossible to use another basis.
Examples: threat to life, physical inability to give consent, management of humanitarian issues, etc.