AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Turn data subjects request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

Legal Basis for Processing

The GDPR stipulates that every processing of personal information of citizens or residents of the EU has to be done under one of the six legal basis and have a legal justification that a data controller or processor must have in order to process personal data lawfully.

Otherwise, such processing would be considered unlawful, and thefinancial and reputational consequencesfor the data controller (or data processor) could be severe.

Legal Basis for Processing

1. Consent:  the individual (data subject) gave consent for the processing of his/her personal data for one or more specific purposes. Consent has to be explicit, with a clear statement of consent. It has to be clear, specific, and granular and kept separate from other statements. You also have to keep records of consents (who gave it, for what specific purpose, how long can you keep it…)

2. Contract: Contract will be a valid lawful basis when processing is necessary for the performance of the contract of which the data subject is the party, or in order to take action at the request of the person before the contract is concluded. The important thing to note is that the collected data can only be processed to fulfill the purpose of the contract and can only be used for that specific purpose.

3. Legal obligation: the processing of personal data is necessary for a company to comply with the law. This is only applicable to EU and Member state law.

4. Protection of vital interests: The processing is necessary to protect someone’s life or freedoms. This lawful basis is supposed to be used only in a specific situation where no other lawful basis is applicable and used as a last resort, like matters of national security.

5. Public task: the processing is necessary for performing a task in the public interest. This is applicable for public authorities in order for them to execute their services, and are authorized to do so by the EU or national law.

6. Legitimate interests: the processing is necessary for the purpose of data controllers’ legitimate interests or the legitimate interests of a third party. The exception is when those interests are overridden by fundamental rights and freedoms of the data subject that require the protection of personal data, especially if an individual is a child or a minor.

All glossaries
  • All
  • A
  • B
  • C
  • D
  • E
  • F
  • G
  • Glossaries
  • H
  • I
  • K
  • L
  • M
  • N
  • O
  • P
  • R
  • S
  • T
  • U
  • V
Scroll to Top