Introduction to Resource Center
This page provides an overview of the IAPP's Resource Center offerings.

Contact Resource Center
For any Resource Center related inquiries, please reach out to resourcecenter@iapp.org.



Resource Center / Tools and Trackers / Refresher: The GDPR's Six Legal Bases for Data Processing

Refresher: The GDPR's Six Legal Bases for Data Processing

This chart provides a refresher on the six bases for lawful processing under Article 6 of the EU General Data Protection Regulation.

Published: January 2023

Contributor:

Müge Fazlioglu

Click to View (PDF)

This chart provides a refresher on the six bases for lawful processing under Article 6 of the EU General Data Protection Regulation. Given the fines levied in January 2023 by the Irish Data Protection Commission against Meta Ireland, the chart explains the scope of the Article 6 lawful bases for processing, further considerations for determining when each applies, relevant recitals, additional IAPP guidance and resources from supervisory authorities.

Tags: Privacy Law, Privacy Research
Related Stories
Top 10 operational impacts of the GDPR: Lawful bases for processing
In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the EU General Data Protection Regulation. Now, with the May 25, 2018, GDPR-implementation deadline looming, the IAPP is releasing a companion series to present common pra...
Read More
Irish DPC fines Meta 390M euros over legal basis for personalized ads
1
The Irish Data Protection Commission adopted final decisions on two inquiries into Meta’s Facebook and Instagram, fining the company a total of 390 million euros and potentially leading to an upheaval of its personalized advertising model in the EU. The DPC announced Meta’s basis for seeking user p...
Read More
Consent as legal basis for EU and UK employment
Consent is one of the EU General Data Protection Regulation legal bases that can be used to justify the collection, handling or storage of personal data. For consent to be valid, it must be clearly distinguishable from other matters, intelligible and in clear and plain language, freely given, as eas...
Read More