en-gdpr: Introduction

Art. 6 GDPR - Lawfulness of processing

1) Processing shall be lawful only if and to the extent that at least one of the following applies:

a. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c. processing is necessary for compliance with a legal obligation to which the controller is subject;

d. processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2) […]

What does that mean?

Assume that the processing of personal data is generally prohibited in the first instance. In order to process this data anyway, you need a legal basis. The legal bases can be found in Article 6 of the GDPR. Only if you can justify the processing of personal data with one of the legal bases listed there can you actually process the data.

The legal bases in detail:

Consent of the data subject
fulfilment of a contract or a pre-contractual measure
legal obligation
Protection of vital interests of the data subject
Task in the public interest
legitimate interest of the processor

We explain the legal basis in more detail on the following pages.

Introduction

Art. 6 GDPR - Lawfulness of processing

What does that mean?

Server

The project / Das Projekt

Legal / Rechtliches