Legal basis for processing

The legal basis for processing personal data

Whenever you process a piece of data, at least one of the following conditions needs to be true:

  • - The individual the personal data is about has given their consent
  • - The individual has entered into a contract that means it’s necessary for you to process the data; or because the individual has asked for something to be done that will allow them to enter into a contract.
  • - You have a legal obligation to process the data (not including obligations imposed by a contract).
  • - It’s a literal ‘life or death’ situation. For example, at a hospital A&E department, in a situation where a patient is unable to give consent to process data that could save their life.
  • - Processing the data is essential to administer justice, or for exercising statutory, governmental, or other public functions.
  • - You have a ‘legitimate interest’ to process the data. More on that below.

Most businesses will have a contractual basis for processing individuals’ data, or can use ‘legitimate interest.’ Read more about these different options on the ICO website.