Lawful Bases for Processing Data
Before you use anyone's personal data you need a valid reason recognised by law — a lawful basis. There are six, and choosing the right one shapes the rights people have and what you must tell them.
The notes below are general guidance to help you understand the options; the correct basis depends on your specific circumstances.
The Six Lawful Bases
- Consent — the person has clearly agreed.
- Contract — you need the data to deliver a service.
- Legal obligation — the law requires you to process it.
- Vital interests — to protect someone's life.
- Public task — for an official function.
- Legitimate interests — a genuine, balanced business need.
Choosing the Right One
You should pick your basis before you start processing and record your decision. For most commercial activity it will be contract, legitimate interests or consent. Do not assume consent is always required — it is often the least convenient option because it can be withdrawn.
Legitimate Interests in Practice
If you rely on legitimate interests you should carry out a short assessment weighing your need against the individual's rights and expectations. Document it so you can show your reasoning if asked.
Frequently Asked Questions
Can I change my lawful basis later?
It is difficult and you should avoid switching after the fact. Choose carefully at the outset and be consistent with what you told people.
If you need a hand with any of this, your Progressive Robot delivery team is ready to help. Raise a ticket from the Support area of your client portal or speak to your account manager and we will guide you through the next steps.