1. Consent: the person must give consent, and that consent has to be precisely described. You have to state the purpose for which the personal information will be used. It should also be information that is necessary for you to have access to.
2. Contract: Amazon asks for a person’s address to deliver her a book. They must therefore store the address. To do so, they must request this data. Amazon can invoke the contractual basis in this case.
3. Legal: HR has to request the national number of the person. The law obliges an employee to give such information. It is then not necessary for a company to ask its employees for consent to gather that sort of personal information.
4. Public interest mission: For the purpose of compiling files for firefighters or paramedics, people’s names are needed. They can be used in that context.
5. Vital interest: In case of emergencies, a lot of information is requested, such as blood group, name and age. Medical professionals are not required to ask for consent because of the vital interest of that information. These files can be stored if the person is on the point of dying. It is only accepted in the case of a well-defined treatment: it is forbidden to use it for anything else.
6. Legitimate interest: Information on consumers’ behaviour can be gathered within the scope of market research, for example. However, the company will be required to prove the precise usage in the future.