All Collections
GDPR FAQ
Which basis for processing should I use? | GDPR FAQ
Which basis for processing should I use? | GDPR FAQ

Sometimes, there will be multiple legal grounds for processing data. in these cases, which one should you choose? We consider some factors.

Robin Bonass avatar
Written by Robin Bonass
Updated over a week ago

Q: I have identified multiple legal grounds for processing the same set of data. Which legal basis for processing should I choose?

A: You only require one lawful basis in order to carry out the processing in accordance with GDPR. 

You should consider which legal basis may provide conditions for processing which are reliable, and most in-line with your business objectives. 

Consider the extent and limitations of certain lawful grounds.

Consider also the additional workload and burden of proof which may be necessary for establishing certain legal grounds (eg: demonstrating a legitimate interest).

References:

Article 6(1), GDPR

Additional Information:

In some situations, it may in fact be a disadvantage to seek out additional grounds for processing, when one legal basis is already known.

Consider, for example, attempting to gain consents and facing refusal or withdrawal, when an existing contractual obligation was already in place.

See this previous response to a customer’s GDPR Frequently Asked Question, for more information.

Did this answer your question?