Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Regular self-evaluation of the lawfulness of processing personal data


GDPR defines six main legal bases for the lawful processing of personal data. In addition, more strict requirements apply to processing of special groups of personal data. The legal basis must also be communicated to the data subjects in privacy communication. However, not all legal bases adapt to all situations and the application of certain legal bases imposes additional requirements on the controller.

The Data Protection Officer (or other responsible person) helps to develop the lawfulness of the processing by assessing the legal bases for the different purposes in cooperation with the units carrying out the processing and on the basis of data protection communications.

Connected other frameworks and requirements:
6. Lawfulness of processing
9. Processing of special categories of personal data
No items found.