Lawful Basis for Processing
Also: Legal Basis
The specific legal ground GDPR requires for every use of personal data. There are six, and you must have at least one for each processing activity.
Why it matters
You cannot lawfully process personal data without a basis, and you should know which one you are relying on for each activity before you start. Picking the wrong one, or none, is a common and serious compliance gap.
What good looks like
The six bases are consent, contract, legal obligation, vital interests, public task, and legitimate interests. Good practice is to map each data activity to a specific basis and document it.
In the European market
The basis you can rely on can interact with national rules, especially in Germany, where consent is often required for marketing contact even when another basis covers the underlying data.
Related terms
Reading about it is the easy part. We run it.
Tell us where you are trying to grow, and we will show you the few moves that matter most, then make them.
Free, no obligation. We will get back to you quickly.