Skip to content
savvi-logo-colour
SAVVI
Welcome
About SAVVI
The SAVVI Declaration
SAVVI Playbook
Data Standards
Catalogue
Case Studies
Videos
News
Getting Involved
Resources
Share
Explore

Select the GDPR Lawful Basis

Select and justify one Lawful Basis from GDPR Article 6. See the ICO guidance at
A guide to lawful basis | ICO
. The ICO provides a Lawful basis interactive guidance tool at
Lawful basis interactive guidance tool | ICO
What are the lawful bases for processing?
The lawful bases for processing are set out in Article 6 of the UK GDPR. At least one of these must apply whenever you process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(ea) Recognised Legitimate Interest: processing is necessary for the purposes of a recognised legitimate interest. (These include disclosures to public bodies where they state that they need personal data to fulfil a public interest task. ( E.g. disclosures for national or public security or defense purposes, emergencies, prevention or detection of crime, and safeguarding vulnerable individuals.) No requirement to balance the data subjects rights and freedoms.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
There are no rows in this table
Each lawful basis needs to be considered individually, taking into account the ICO Guidance. It is likely that, for a SAVVI Purpose, as a public body
where you have a statutory-obligation/duty to provide a service, select (c)
otherwise, where you have established a remit/power to provide a service, select (e)
otherwise, where the purpose is essential to saving lives, select (d)
otherwise, in limited circumstances there may be a case for a Public Body to select (f)
for data-sharing with or by third parties to support public bodies’ tasks select (ea)
A SAVVI vulnerability initiative would be unlikely to use (a), or (b)

Steps


Resources V2.png
action.png

Select a GDPR Article 6 Lawful Basis

Read the ICO guidance and select one Article 6 Lawful Basis.

action.png

Extra steps if Legitimate Interests’ was selected

The ICO provide
further guidance
and an assessment template at
gdpr-guidance-legitimate-interests-sample-lia-template.docx (live.com)
… which helps to determine if Legitimate Interests is appropriate.

Stop.png

No Lawful Basis?

If no appropriate lawful basis is selected, the data processing cannot continue.

There are no rows in this table



Want to print your doc?
This is not the way.
Try clicking the ··· in the right corner or using a keyboard shortcut (
CtrlP
) instead.