11/28/22
Legal Basis
• Processing of Personal Information can only occur when there is a legal basis for carrying it out.
• Legal Basis can be established where one of the following applies:
  – The person has given explicit consent
  – Necessary for performance of a contract
  – Compliance with a Legal Obligation
  – To protect the vital interests of the person
  – A task carried out in the public interest
  – For the legitimate interests of the data controller

Consent
• Individuals must be informed of what their data is going to be used for, who will have access to it, where it will be stored and how long it will be held for
• They must give their consent for their data to be used
• Consent must be ‘freely given, specific, informed and unambiguous’
• Members cannot be forced into consent or be unaware that they are giving consent
• Obtaining consent requires a positive indication of agreement – it cannot be inferred through silence (not objecting), pre-ticked boxes or inactivity
• Consent must be ‘refreshed’
  – It cannot be deemed as indefinite
• Consent must also be verifiable
  – Data Controllers must be able to demonstrate that consent was given and an audit trail should be maintained
• ‘Legal Basis’ can be used to process information in the absence of consent in certain, very specific, circumstances
• It must be easily possible for a person to withdraw their consent