
Lawful basis for data processing in GDPR

Meet the new term in the new General Data Protection Regulation (GDPR): “lawful basis for processing data”. At the heart of this new term are new rules for obtaining and managing user consent. So, let’s dig into what this will mean for your business or organization!

You’ve got mail!

Yes, another junk email just appeared in your inbox. Before you click delete, first check who sent it to you and why. Maybe you ordered a new swimsuit a few months back, but were you also asked if it was OK to be contacted by the seller once a week, forever and ever?
The new law turns this question around to protect you. Does the seller have a lawful basis to store and process your personal data? And what is the basis that they used to send you an email in the first place?

What exactly does “lawful basis for processing data” mean?

According to GDPR, the company must be able to prove and describe what lawful basis it uses to store and use your personal information. The company can use several types of legal grounds for processing, for example:
  • Your personal data is required to meet an agreement with you, for example, to store your shipping address so they can ship your order;
  • The company might have a legal obligation to keep the data, for example, banks are required to verify your identity to prevent money laundering;
  • The data is needed to protect your interests, for example, two-factor authentication might require a mobile phone number on file;
  • Personal data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested, for example, your personal data is needed to verify you at the polling station next time you cast your vote.

In general, for the company to establish legitimate interest as its lawful basis, the company must be able to provide a detailed assessment of that legitimate interest and prove that it has properly considered all the rights of the individual. For example, the need to store sensitive information, such as ethnicity, sexual orientation, etc., can never be a legitimate interest.

Obtaining and managing user consent

As you can see, the bar to establish a legitimate interest is very high and needs to be interpreted on a case-by-case basis. The consequences for not complying with GDPR are very severe. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater).

That's why the safest lawful basis for collecting and using personal data is to collect explicit consent from the individual. It can be as easy as a specific opt-in box for a newsletter when you purchase something online.

Let’s go back to that email you received before. Starting from May 25, 2018, the seller will have to prove that you agreed to receive promotional email and that your email can be stored for that purpose. In addition, the seller must also be able to prove which lawful basis they have for sending you that email. And yes, the seller must make it super easy for you to opt out, cancel your agreement, and erase your email and other information.

Meet Omnibasis

To comply with those regulations, your company can build a consent management system or turn to the Omnibasis cloud-based platform. Get compliant today by using our cloud-based consent management platform from Omnibasis, which enables your customers to manage their given consents and permissions and documents your customer interactions. Start today for free at

About Omnibasis

Omnibasis is a business management solution to run your sales, marketing, commerce, and operations powered by Blockchain technology. Visit to meet the operating system for your business.

