Note: Your progress in watching these videos WILL NOT be tracked. These training videos are the same videos you will experience when you take the full ProFirstAid Advanced program. You may begin the training for free at any time to start officially tracking your progress toward your certificate of completion.

Watch this video from ProTrainings

Sign Up

Show full transcript for Lawful Basis for Processing video

Lawful Bases for Data Processing under GDPR

Introduction

Under the General Data Protection Regulations (GDPR), organisations must identify lawful bases for data processing.

Importance of Lawful Bases

Requirement: All organisations must identify lawful bases to process data.

Consequence: Without a lawful basis, data cannot be processed lawfully.

Inclusion: Lawful bases should be stated in the organisation's privacy policy.

Six Lawful Bases

Consent: Individuals have control over their data and can withdraw consent at any time.
Contract: Data processing is limited to fulfilling contractual obligations.
Legal Obligation: Data processing is necessary to comply with the law.
Vital Interest: Processing is necessary to protect someone's life.
Public Task: Processing is carried out in the public interest by public authorities.
Legitimate Interest: Flexible basis but must balance interests and privacy risks.

Elaboration on Lawful Bases

Consent

Allows individuals control over their data; can withdraw consent at any time.

Contract

Data processing is limited to fulfilling contractual obligations.

Legal Obligation

Necessary processing to comply with legal requirements.

Vital Interest

Processing necessary to protect lives, especially in health-related cases.

Public Task

Processing carried out by public authorities in the public interest.

Legitimate Interest

Flexible basis requiring balance between interests and privacy risks.

Organisations must conduct legitimate interest assessments and document decisions.