Lawful basis
Definition
One of the six conditions listed in Article 6 that must be satisfied before personal data may be processed. The controller must identify and document the lawful basis before processing begins; it cannot be selected retrospectively when challenged.
Related terms
- Controller
- The natural or legal person, authority, agency, or other body that determines the purposes and means of processing personal data. The controller...
- Data Protection Impact Assessment (DPIA)
- A structured risk assessment required under Article 35 before any processing that is likely to result in high risk to individuals' rights...
- Processor
- A natural or legal person that processes personal data on behalf of the controller. Processors are directly bound by certain GDPR obligations...
- Record of Processing Activities (ROPA)
- The inventory of processing operations required under Article 30. It documents the purposes, data categories, recipients, retention periods, and security measures for...
- Supervisory authority
- The national data protection regulator responsible for enforcing GDPR in a given EU member state, such as the UK Information Commissioner's Office...
Explained in
- GDPR: Core Principles and Audit ObligationsOne of the six conditions listed in Article 6 that must be satisfied before personal data may be processed. The controller must identify and document the lawfu...