You are here:

Last reviewed on 22 April 2021
Ref: 34542
School types: All · School phases: All

Under the UK GDPR, you must identify a lawful basis (or legal reason) you can use to justify why you process personal data. Use our guidance to work out which of the 6 lawful bases to use and avoid wasting time seeking consent you don't need.

You must identify a lawful basis to process personal data 

For all data processing activity you do under the UK General Data Protection Regulation (UK GDPR), you must identify a 'lawful basis' (or bases, as you can choose multiple) to justify the processing of the personal data. We’d love to be able to tell you which basis or bases to use in each situation, but unfortunately you really do have to decide this yourself, based on the context and details of your processing activities.

This is one of the 7 principles of data processing under the UK GDPR - get

More from The Key


Bitesize training with a big impact

Our on-demand training has your whole board covered and lets them learn at a time and pace that suits them.

Help your new governors hit the ground running with our expertly-designed induction training, and our role-specific courses support your link governors develop key skills and confidence in their role.


New eLearning: DSL refresher training

Your DSL’s training should be refreshed at least once every 2 years. 

Designed in collaboration with safeguarding experts, our 2.5 hour online refresher training course reminds DSLs how to put their knowledge into practice, with in-depth, real-world scenarios.


The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence v3.0.