Lawful Grounds for using personal information under GDPR
There are 6 lawful grounds under which a business can process the personal information of a living individual for data protection purposes following the General Data Protection Regulation (GDPR).
Six lawful grounds to legally process personal information
The 6 lawful grounds to process an individuals personal information for data protection purposes following the commencement of the are:
1. We need to do so to perform our contract with the individual or to take steps prior to entering into a contract with an individual in response to a request from an individual.
For example to use an address to make a delivery and to use an email address to reply to a request to provide a quote to an individual or respond to an unsolicited request. We use our employees' bank details to make a payment of salary to them.
2. We need to do so to comply with a legal obligation.
For example we need to obtain the PPS number of employees to comply with tax laws. We may need to obtain the VAT number from customers. Depending on our business we may be subject to regulatory rules. For example solicitors have to obtain identification documentation for their clients.
3. We need to use the information to protect the vital interests of an individual or another person.
For example in an emergency medical situation we may need to access details of an individual.
4. We need to do so to exercise official authority or a public interest task – for public authorities to comply with their statutory obligations so this ground will most likely not apply to most businesses.
5. We need to do so for our legitimate interests or the interests of a third party.
In order to rely on this ground we must have:
(a) A legitimate interest;
(b) The processing is necessary for the legitimate interest; and
(c) After having carried out a balancing test, the legitimate interests of the business or a third party override the rights of the individual.
This assessment should be carried out and documented before a business relied on the legitimate interest ground.
For example a legitimate interest may include the use of CCTV at a place of work for security purposes.
6. We have obtained the consent from the individual to use their information for one or more specific purposes. For more information on consent please check out the Consent article.
For further information please contact us.
The material in this article is for general information purposes only and does not constitute legal or taxation advice. Specific legal and taxation advice should be sought before acting. All information and taxation rules are subject to change without notice.
No liability whatsoever is accepted by M. McLoughlin & Co. for any action taken in reliance on the information in this article
Book an appointment Downloads Subscribe Contact Us