Expert Advice Community

Guest

GDPR Best legal basis for data sharing

  Quote
Guest
Guest user Created:   Feb 05, 2021 Last commented:   Feb 08, 2021

GDPR Best legal basis for data sharing

I am looking for clarification on the GDPR process for legal basis for collection of personal information.

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Feb 08, 2021

The legal basis of data processing is determined by the controller before data collection. The controller can process data on one or more legal bases, but selecting one is essential for the lawfulness of processing under Article 6 GDPR. Before starting to collect personal data, the controller needs to understand why he/she needs those data and the purpose must be declared in the privacy notice. The data subject, in fact, must be informed and aware of the reason for processing. Legal basis are:

    1. Consent of the data subject.

    2. Performance of a contract (even pre-contractual steps).

    3. Compliance with a legal obligation to which the controller is subject.

    4. Protect the vital interests of the data subject.

    5. Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    6. Processing is necessary for the purposes of the legitimate interests pursued by the controller.

For example, if you provide a service on the web you can state in the privacy notice that personal data of the customer are collected to provide the service and to comply with a legal obligation (i.e., tax declarations), you can ask also consent to the data subject for receiving newsletter or promotions. If your customer withdraws the consent asking to delete all his/her personal information stored, you can reply that you will remove his/her personal information for processing based on consent (newsletter, marketing), while data processed for the provision of service will be kept to comply with tax rules on bookkeeping. This is why the controller needs to determine the legal basis of each data processing before collecting data.

Here you can find more information on the legal basis and data subjects rights:

If you need to understand how to determine the legal basis of processing under GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://training.advisera.com/se/eu-gdpr-foundations-course// 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 05, 2021

Feb 08, 2021

Suggested Topics