Lawful processing

Lawful basis for processing personal data

In order to process personal data, you must have a lawful basis to do so. The lawful grounds for processing personal data are set out in Article 14 of the DPA. These are:

  • 01

    The consent of the individual.

  • 02

    Performance of a contract.

  • 03

    Compliance with a legal obligation.

  • 04

    Necessary to protect the vital interests of a person.

  • 05

    Necessary for the performance of a task carried out in the public interest.

  • 06

    In the legitimate interests of company/organization (except where those interests are overridden by the interests or rights and freedoms of the data subject).

Providing Transparent Information

Businesses and organizations that process personal data must provide individuals with information on the type of processing that is taking place and who is carrying it out. At a minimum, this information must clearly state:

  • 01

    Who you (the organization) are.

  • 02

    Why you are processing the data.

  • 03

    What legal basis you rely on to legitimize the processing.

  • 04

    Whether or not the data will be transferred on to other organization's or individuals.

  • 05

    How long the data will be stored.

  • 06

    The existence of the individual’s rights under data protection, including the rights to access, correction, erasure, restriction, objection and portability.