5 December 2023
As the year draws to a close and we reflect on recent data protection updates, guidance and decisions, our team has prepared a refresher on the legal grounds for processing of personal data, and what you need to consider when relying on a particular legal basis.
Accountability is one of the key principles which underpins the GDPR. When considering which legal basis your organisation relies upon for processing personal data, we recommend you back up your decision with an objective justification.
Let’s now illustrate how each legal ground can be relied upon.
|Performance of a contract
Data controllers must consider how their data processing activities fit within the above grounds. It is worth bearing in mind that the lawful bases as set out in Article 6 are not hierarchical, and each of the six grounds rank equally and can be validly relied upon. The facts of each processing activity will determine the most appropriate legal basis for processing personal data.
Finally, in line with the principle of data minimisation, processing of personal data should only be undertaken in a limited way, where relevant and necessary to achieving the purpose of the processing. To ensure accountability, controllers should record their reasoning as to why they thought it necessary to process personal data under the different legal basis as outlined above.
Our team can support you by:
Guidance Note: Legal Bases for Processing Personal Data published by the Data Protection Commission in December 2019