By Carlos Vera, IP/IT Compliance Lawyer at SIA Group.

Suitability of the legal basis for legitimation of the treatment

All personal data processing is subject to compliance with a series of basic principles. The first of them requires that the treatment be lawful, that is, that it respects current legislation.

The General Data Protection Regulation establishes that processing will only be lawful if at least one of the six conditions provided for in its art.6 is met. These conditions act as the legal basis for legitimizing the treatment. In other words, they allow it and make it legal.

Thus, the treatment will be legal when:

It is done with the consent of the affected person (called “interested party”);
Be necessary for the execution of a contract between the person responsible and the interested party or for the execution of a pre-contract at the request of the latter;
It is necessary for the fulfillment of a legal obligation applicable to the person responsible;
Be necessary to protect vital interests of the interested party or another person;
It is necessary for the fulfillment of the public interest or is carried out in the exercise of public powers;
Be necessary for the satisfaction of legitimate interests of the person responsible or a third party, as long as this interest does not harm the interested parties.

When deciding whether to legitimize treatment, there are three critical points that should always be remembered. The first is that all bases of legitimation are equally valid and, therefore, the person responsible must carefully assess which is the most appropriate for the specific treatment, having taking into account its context, that is, the circumstances in which the data will be collected and, among others, the possibility of applying another legal basis that avoids misleading the interested parties.

Finally, we must not forget that Each basis of legitimation has its specific application requirements. Before applying one or the other, it is necessary to understand how the letters of art. 6 of the RGPD are interpreted. To do this, it is very useful to refer to the recitals of the Regulation and the guidelines of the RGPD. European Data Protection Committee.

Do you want to specialize in Compliance Management and data protection?

He Master in Compliance & Data Protection Management will make you a highly qualified professional with the necessary skills to carry out specialized tasks in two of the most relevant areas for both private businesses as for public administrations: data protection and regulatory compliance or Compliance.

Subscribe to our newsletter to stay up to date with all the news

Name and surname *

Email *

*I give my express consent and accept the Privacy Policy.

Basic information on data protection.
Responsible for the treatment: Mainjobs Internacional Educativa y Tecnológica SAU
Purpose: Manage your subscription to the newsletter.
Legitimation for processing: Explicit consent of the interested party granted when requesting registration.
Transfer of data: No data will be transferred to third parties, except under legal obligation.
Rights: You may exercise the rights of Access, Rectification, Deletion, Opposition, Portability and, where applicable, Limitation, as explained in the additional information.
Additional information: You can consult additional and detailed information on Data Protection at https://www.mainfor.edu.es/politica-privacidad