Quite often in the stresses of managing GDPR we all can get caught up in concentrating on how we can work around the restrictions of GDPR to gain people’s consent. This is perfectly understandable, as it is under this single word that most of the change comes. However, it worth noting that consent in only one of the six possible legal bases you can lean on for processing personal data. It is worth assessing whether your reasoning for collecting and working through personal data would be better placed under of the other five bases before the panic sets in for how to legally gain consent.
The six legal bases for processing personal data are as follows:
Legitimate interest – necessary for business interest or the interest of a third party whose data is also disclosed
Contract – necessary for contract that individual has entered into with business
Compliance with legal obligation – necessary because of legal obligation to the business
Consent – individual consenting to data processing of their personal data
Vital interest of individual – necessary to protect the individuals health
Public interest – necessary for governmental or statutory requirements