What are the lawful bases the data controller can use to process customer data?

The data controller can choose from six data processing bases. These are:

1. Contract: This applies when you need to process the customer's personal data to fulfill your contractual obligations, or to take some action based on the customer's request (e.g. sending a quote or invoice).

2. Legal Obligation: This applies when you have to comply with an obligation under any applicable law (e.g. providing information in response to valid requests, such as an investigation by an authority).

3. Vital Interests: This applies to urgent matters of life and death, especially with regard to health data.

4. Public Task: This applies to activities of public authorities.

5. Legitimate Interests: These can include commercial interests, such as direct marketing, individual interests, or broader societal benefits.

6. Consent: Consent is also a lawful basis to process data. Consent of the data subject means "any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."

The processing activities under these lawful bases should take place in ways that people normally expect. The controller must document and keep a record of decisions on legitimate interests in the form of a Legitimate Interests Assessment.
