You are here:
How to choose which ‘lawful basis’ to use under the GDPR
Under the GDPR, it’s crucial to identify the lawful basis (or legal reason) you can use to justify why you process personal data. Use the process below to work out which of the 6 lawful bases to use for each of your data processing activities, and avoid wasting time seeking consent that you don't need.
Contents
- What are the lawful bases and why do they matter?
- Public task
- Legal obligation
- Fulfilling a contract
- Vital interests
- Legitimate interests
- Consent
- Additional conditions for special category and criminal offence data
- What do we do once we've identified our lawful basis?
- 'Cheat sheet' for data protection officers
- Child protection files: transfer
- Data protection impact assessments
- Data protection impact assessments: template and checklist
- Data protection: latest updates
- Data protection officer: who can it be?
- Data sharing agreements
- DPO's report to governors: template
- DPOs: what your school must do for you
- Email security: sending personal data
- Freedom of Information Act: guidance
- GDPR compliance for visiting staff
- GDPR: contacting parents
- GDPR: ensuring your suppliers are compliant
- GDPR for schools' commercial activities
- GDPR jargon buster
- GDPR: managing your photo archives
- GDPR: most common questions 6 months on
- GDPR mythbuster
- GDPR: seeking consent for processing personal data
- GDPR: sending out direct marketing
- GDPR: sharing medical information
- GDPR: sharing safeguarding information
- GDPR: template record of processing activities
- GDPR: using apps and online services with pupils
- Help your staff understand the GDPR: posters and handout
- How to clean out your data: decision flowchart
- How to comply with the General Data Protection Regulation
- How to respond to subject access requests in the summer holidays
- Information audit: template
- International data transfers under the GDPR
- MATs: getting GDPR-compliant across your trust
- Parents' right to see their child's educational record
- Paying the data protection fee
- Personal data breach procedure and poster
- Poll results: how is the DPO role taking shape?
- Poll results: who are schools choosing as their data protection officer?
- Processing data: at what age can pupils give consent?
- Pupil records: transferring to other schools or providers
- Recording and managing consent under the GDPR
- Recording phone conversations: informing callers
- Requests for information: guidance and template record
- Requests from parents to see pupils' information: FAQs
- Schools' reporting requirements
- Sending personal data by post: managing risk
- Sending personal data home with pupils
- Sharing data in schools
- 'Special category' data under the GDPR
- Subject access requests: guidance and template forms
- Taking and displaying pupil photos and information
- Taking documents home: securing personal data
- The General Data Protection Regulation explained
- QuickRead: The General Data Protection Regulation (GDPR)
- The role of the data protection officer (DPO)
- To-do list for data protection officers (DPOs)
- Using personal devices: securing personal data
More from The Key
Coming soon: summer term safeguarding briefing
Brief your staff on the latest statutory guidance this summer term.
CPD Toolkit makes it easy to run training in-house
Covering topics including differentiation, assessment, SEND and growth mindset, CPD Toolkit has been created by subject experts and tested by teachers to guarantee practical, engaging training that's also excellent value for money.
- In the news: Your weekly round-up for 15-22 March 2019 22 Mar 2019 08:00
- In the news: Your weekly round-up for 8-15 March 2019 15 Mar 2019 08:00
- In the news: Your weekly round-up for 1-8 March 2019 8 Mar 2019 08:00
- In the news: Your weekly round-up for 22 February-1 March 2019 1 Mar 2019 08:00
- Need-to-know: Reception baseline assessment – national pilot launched 27 Feb 2019 14:31
The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence.