Legal basis for processing
The legal basis for processing personal data
Whenever you process a piece of data, at least one of the following conditions needs to be true:
- - The individual the personal data is about has given their consent
- - The individual has entered into a contract that means it’s necessary for you to process the data; or because the individual has asked for something to be done that will allow them to enter into a contract.
- - You have a legal obligation to process the data (not including obligations imposed by a contract).
- - It’s a literal ‘life or death’ situation. For example, at a hospital A&E department, in a situation where a patient is unable to give consent to process data that could save their life.
- - Processing the data is essential to administer justice, or for exercising statutory, governmental, or other public functions.
- - You have a ‘legitimate interest’ to process the data. More on that below.
Most businesses will have a contractual basis for processing individuals’ data, or can use ‘legitimate interest.’ Read more about these different options on the ICO website.