Article 6

1 Mar 2022

Article 6 lists the six legal bases that data controllers can use to justify their use of personal data. Without a legal basis, processing cannot be done lawfully under the GDPR.

The six available legal basis for processing are:

Consent;
performance of a contract (including steps to conclude a contract);
legal obligation;
vital interest of the data subject or another individual;
task of public interest; and/or
legitimate interest of the controller.

The controller needs to determine which legal basis to use before they start the processing of data. Which legal basis that is the most appropriate depends on the context of your processing. The purpose of the processing and the relation to the data subjects are two factors that should be considered when choosing a legal basis.

Extra sensitive data
The Court of Appeal on the usage of facial recognition
Legal basis and the GDPR
Anonymization and GDPR compliance; an overview
What does the right to be forgotten mean for businesses?

Related Terms:

Term: Data Controller
Term: legitimate interest
Term: Article 6
Term: Personal Data
Term: Legal Basis
Term: Processing
Term: General Data Protection Regulation
Term: Consent
Term: Data Subject
Term: Controller

European Essential Guarantees Recommendations

Data Protection Officer (DPO) guide

DPO conflict of interest

New SCCs from EU – the Definitive Guide

Legitimate Interest Assessment – all You Need to Know

GDPR article 49 derogations applicable to international transfers

How GDPR Affects Recruitment

Retention Policy – An overview

Follow to stay updated

most viewed

Schrems II a summary – all you need to know

What is a Personal Data Breach?

Audit Powers of the Data Protection Authority: How to Prepare

trending now

DPO conflict of interest

Schrems II a summary – all you need to know

Extra sensitive data