Legal Bases for Data Processing
1. Legal Obligation
Definition: Legal obligation arises when processing personal data is necessary to comply with the law.
Examples: Processing employee salary details for HMRC or complying with court orders.
Limitations: Individuals have no right to erasure, data portability, or the right to object when processing under legal obligation.
2. Vital Interests
Application: Relevant mainly to health data, vital interests come into play when processing is necessary to protect someone's life.
Consideration: If less intrusive means are available to protect vital interests, this basis may not apply.
Restriction: Not suitable for health data if the individual can provide consent, even if consent is refused.
3. Public Task
Relevance: Pertinent to public authorities or organizations exercising official authority or public interest tasks.
Criteria: The underlying task must have a clear legal basis.
Example: Private Water Companies may qualify if they carry out public administration functions with legal powers.