The General Data Protection Regulation (GDPR) becomes law on May 25, 2018. When this occurs, any organization or business that handles the private data of people who reside within the EU will have to abide by the law. This applies whether the organization or business is based in the European Union or not.
Under GDPR Article 6, one requirement of this law is that there must be a legal basis for the handling of private data. There are 6 legal bases that an organization or business can rely on to legally handle the private data of a person.
- Private data is handled for the legitimate interests of a third party or the data controller, except when the freedoms and rights of a person override these interests. This sort of override is particularly important to take into account in cases where the person is a child.
- Private data is handled under the official authority of a data controller or in connection with tasks carried out in the public interest.
- The handling of private data is carried out with the objective of safeguarding the vital interests of a person.
- Private data handling is needed in order for the data controller to abide by legal requirements.
- Private data has to be handled at the request of the data subject before a contract is entered into, or the data is required for the performance of the contract.
- Consent has been given by a data subject for their private data to be used for a particular purpose. This consent can only be relied on for that purpose. If an organization or business needs to handle data for a different purpose, they should request explicit consent to do so.
The GDPR requires that one of these legal bases be in place before data can be handled. It’s also important to note that Article 29 Working Party guidance states that more than one basis must not be used for a single handling activity. Once the basis has been identified, it should be communicated to the data subject, according to GDPR Article 13.
Maintaining a Record of the Legal Basis
It’s not enough for an organization or business to have a lawful basis for handling private data; they should keep a record of the basis and of the purpose it relates to. If there is no record of this information, the organization or business can be found to be non-compliant. This might result in a substantial fine; the maximum penalty for non-compliance is 4% of annual turnover or €20m, whichever is more.
These lawful bases for handling private data are described in the GDPR to make sure organizations and businesses handle private data for lawful reasons only. This helps to safeguard the freedoms and rights of any person who resides in an EU country.