...
GDPR Legal Justification | Definition | Privacy Rights (7) | Consent Type Label - Profile Label (Art 30) | Liability/Obligation Controller / Provider liability in the chain for personal data | GDPR Legal Justification | Definition | Privacy Rights (7) | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Consent | Type Label - Profile Label (Art 30)Liability/Obligation Controller / Provider liability in the chain for personal data | Consent | a consent receipt is by default using the legal justification of consent, unless further specified, with additional legal justification which supersedes consent. purpose can be implied by context and is implicit by the action of PII Principle | informed and meaningful consent is explicitly specified to a purpose of use, in such a way that it is clear data will be processed only in the manner specified | Subject Access, Rectification, Erasure, Restrict Processing, Object, Automated Individual Decision Making (6)Implicit Consent | ||||||
Public Interest, Public Org Surveillance | ask carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1)(e) and Recital 45 | Subject Access, Rectification, Restrict Processing, Object, Automated Individual Decision Making (5)Consent Not Required | Consent | informed and meaningful consent is explicitly specified to a purpose of use, in such. a way that it is clear data will be processed only in the manner specified | Subject Access, Rectification, Erasure, Restrict Processing, Data.Portability (5) | Explicit Consent | |||||
Contractual Necessity | personal data should be processed on the basis of the consent of the data subject concerned or some other legitimate basis, laid down by law, either in this Regulation or in other Union or Member State law as referred to in this Regulation, including the necessity for compliance with the legal obligation to which the controller is subject or the necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. | Subject Access, Rectification, Restrict Processing (3) Note; must by binding on processors to be valid.Implicit-Contractual Necessity | |||||||||
Legal Obligation | processing is necessary for compliance with a legal obligation to which the controller is subject. | Subject Access, Rectification, Restrict Processing (3)Consent Not Applicable | |||||||||
Legitimate Interest |
| Subject Access, Rectification, Erasure, Restrict Processing, Object, Automated Individual Decision Making (6) | No Consent Needed | Consent | the consented purpose is in some way implied through the explicit action of the person, e.g. walking through door, entering personal data in a form, or opting-out | Subject Access, Rectification, Erasure, Restrict Processing, Data.Portability (5) | Implied Consent | Consent | the Person defines the privacy requirements of the consent in a Privacy Agreement, where the individual understands and is aware, because the person set the terms. The consent still needs to conform to the legal requirements of Explicit Consent | Consent Directive - Certified Awareness Level | |
Best/Vital Interest of Data Subject, | When consent is not required is when it is legally deemed in the best interest of the data subject to disclose and process personal information. Vital interests are intended to cover only interests that are essential for someone's life. | Subject Access, Rectification, Restrict Processing, Automated Individual Decision Making(4) | No Consent is Needed | ||||||||
NA | when their are not enough information elements for a notice to provide a consent type.legal justification is not provided. Is consent by default? | N/A - To provide legal notice - which includes what notice Fake Notice Should Be Reported by Investigatorno legal justification type detected or contact of adhesion defined as consent | OPN-MDC-Receipt transfers liability.
|