Legality

As the controller, you must ensure that all processing of personal data is carried out lawfully and in accordance with the principles of the GDPR.

Legal basis

All processing must be based on a legal basis in accordance with Art. 6 GDPR. As a reminder, here are the legal bases in detail: 

• Consent (GDPR Art. 6 para. 1 a)
  
• Contractual obligation or pre-contractual measure (GDPR Art. 6 para. 1 b)
• Legal obligation (GDPR Art. 6 para. 1 c)
• Protection of vital interests (GDPR Art. 6 para. 1 d)
• Safeguarding public interests (GDPR Art. 6 para. 1 e)
• The legitimate interest of the controller (GDPR Art. 6 para. 1 f)

Principles of data protection

Processing must be carried out on the basis of the principles listed in Art. 5 GDPR. The principles of data protection are 

• Lawfulness, processing in good faith, transparency
  
• purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

Compliance with data subject rights

The lawfulness of processing also includes compliance with the rights of data subjects:

• Data subjects must be informed about the processing of their personal data. This information must be provided when the data is collected. In addition, the information must be provided in a clear, comprehensible form.
  
• Data subjects have the right to access, rectify and erase their data. 
• Data subjects may have a right to object or, in the case of processing based on consent, a right to withdraw consent.

All topics can be found in detail in our basic course "The GDPR explained".