// THREAT DETECTION AND DATA PRIVACY TERM

Lawful Basis

A lawful basis is the legal reason or justification an organization must have to collect, use, and store someone's personal data, as required by privacy laws like the GDPR. The most common reasons include getting the person's explicit consent or needing the data to fulfill a contract.

TECHNICAL DEFINITION

Under data protection regulations such as the GDPR (Article 6), a lawful basis is the mandatory legal justification for any processing of personal data. The six recognized lawful bases are consent, contract, legal obligation, vital interests, public task, and legitimate interests. The data controller must determine and document the applicable basis prior to processing.

BACKGROUND

The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, comparable to interior ministries abroad. Its missions involve anti-terrorism, civil defense, immigration and customs, border control, cybersecurity, transportation security, maritime security and sea rescue, and the mitigation of weapons of mass destruction.

SYNONYMS & ALIASES

  • legal basis for processing
  • basis for processing
  • lawful grounds
  • legal justification
  • GDPR Article 6
  • processing condition

USAGE NOTE

Organizations must determine and document the appropriate lawful basis for each specific data processing activity before it commences.

DEVELOPERS

Organizations developing technology related to Lawful Basis.

  • OneTrust

    Develops a comprehensive privacy, security, and governance platform that helps organizations operationalize compliance with regulations like GDPR. The technology enables businesses to manage consent and document their lawful basis for processing personal data through data mapping, assessment automation, and preference management.

  • Palantir Technologies

    Creates data integration and analysis platforms, like Gotham, used by defense and intelligence agencies. Their software incorporates features for granular access controls, data retention policies, and audit trails to ensure that data analysis is conducted strictly within the legal frameworks and lawful basis governing the agency's mission.

  • BAE Systems Digital Intelligence

    Provides national security and law enforcement agencies with technologies for lawful interception, data analysis, and digital forensics. Their solutions are designed to help government entities legally acquire and analyze intelligence from communication networks in accordance with warrants and other legal mandates.

  • Verint Systems

    Offers a portfolio of security and cyber intelligence solutions, including lawful interception and data mining platforms. Their technology is deployed by law enforcement and intelligence organizations to legally monitor and analyze communication data for security investigations, operating under strict legal authority.

  • SS8 Networks

    Specializes in lawful intelligence platforms for law enforcement, intelligence agencies, and communication service providers. Their technology provides the capability to intercept and analyze communication data in real-time based on lawful authorization, such as a court order.

  • BigID

    A data intelligence platform that uses AI for data discovery, classification, and management. Their technology is crucial for establishing a lawful basis by first helping organizations find and understand all the personal and sensitive data they hold across their enterprise, which is a prerequisite for applying privacy policies and compliance controls.

  • TrustArc

    Provides a privacy management platform that helps businesses simplify compliance with global privacy regulations. The technology automates the process of assessing privacy risks, managing data inventories, and handling individual rights requests, all of which are essential for maintaining and demonstrating a lawful basis for data processing.

  • Exterro

    Develops a Legal Governance, Risk, and Compliance (GRC) software platform that unifies e-discovery, digital forensics, and privacy. Their tools help organizations manage data subject access requests and data inventories, which are foundational for proving a lawful basis for processing under regulations like GDPR and CCPA.
