<img src="https://certify.alexametrics.com/atrk.gif?account=b2hlr1ah9W20em" style="display:none" height="1" width="1" alt="">
    Login
    Get started

    5 ways to ensure lawful processing of data under GDPR

    Published on 11 Dec 2017 by Lynne Callister

    Who needs consent under GDPR?

    Everything hangs on consent under GDPR, right? We can't process any personal data without it.

    Not true. While the rules on consent are certainly much tougher under GDPR, the Information Commissioner's Office (ICO) has made clear that consent is only needed if you're relying on it as the legal basis to process personal data.

    Download our free GDPR poster

    Put simply, having consent is one way of making sure you are compliant with GDPR but there are other options which may be more appropriate for your organisation. Let's run through them…

    Familiarise yourself with these other conditions to ensure lawful processing of data under GDPR:

    processing of data under gdpr

    1. Processing is necessary for the performance of a contract - for example, collecting a customer's name and address in order to process their order
    2. Processing is necessary for legal or judicial reasons - for example, for administering justice or law enforcement, such as using their bank details to process a refund
    3. Processing is necessary to protect the data subject’s vital interests - as in a life or death situation where someone's medical history is made available to treat them in an A&E department after a road accident
    4. Processing is necessary to perform a task carried out in the public interest - for example, exercising statutory, governmental or public functions (collecting taxes, etc)
    5. Processing is necessary for legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject - for example, where a finance company uses a debt collection agency to track down a customer who has moved without telling them of a change of address. There is a legitimate interest to recover the debt.

    Want to know more about GDPR?

    As well as 30+ free compliance training aids, we regularly publish informative GDPR blogs. And, if you're looking for a training solution, why not visit our GDPR course library.

    If you've any further questions or concerns about GDPR, just leave us a comment below this blog. We are happy to help!

    Leave a comment

    Tick

    eBook: Essential Uncovered

    Skillcast Essentials is our best-selling library and there's a reason for that. Essentials library provides comprehensive coverage of the key compliance / conduct issues that companies in the UK face today.

    Download now

    Skillcast at Learning Technologies 2020

    About Learning Technologies 2020 (#LT2020UK) Learning Technologies is Europe's leading conference dedicated to organisational learning and the technology that supports it. It's on February 12-13th at ...

    Read More
    The Biggest Financial Crime Fines

    Monetary fines are the most common punishment for financial crimes. They serve as a powerful tool for encouraging companies to apply best practices to ensure 100% compliance. Yet, despite all the ...

    Read More
    What are the Best Workplace Learning Theories?

    Learning theories have been developing for decades, each has their own merits. We look at six of the most well established theories to explain how you can use them to improve outcomes. When designing ...

    Read More
    Biggest GDPR Fines of 2019

    Penalties for breaching the GDPR can reach up to €20 million or 4% of annual global turnover, whichever is highest. We examine the size and reasons for the biggest GDPR fines of 2019. Ever since ...

    Read More