Lawful Basis
A legal justification under GDPR for processing personal data — one of six bases must apply before processing can begin.
Full Definition
Under GDPR Article 6, every processing activity must be justified by one of six lawful bases: (1) Consent, (2) Performance of a contract, (3) Compliance with a legal obligation, (4) Protection of vital interests, (5) Performance of a task in the public interest, or (6) Legitimate interests of the controller (or a third party), unless overridden by the data subject's interests. The choice of lawful basis has significant implications: it determines what rights the data subject has and what the organisation can do if the data subject objects. Controllers must document their chosen lawful basis for each processing activity in their Record of Processing Activities.
Related terms
Legitimate Interest
A lawful basis under GDPR for processing personal data when a controller has a genuine, proportionate interest that is not overridden by the data subject's rights.
Consent Manager
A platform or system used to capture, record, version, and manage individuals' consent for data processing activities.
RoPA
Record of Processing Activities — a mandatory inventory of all personal data processing activities under GDPR Article 30.