What's the legal basis for a processing activity?

To process personal data a valid lawful basis is necessary. There are six available lawful bases for processing:

• Consent: The data subject has given clear and affirmative consent to the processing of their personal data for a specific purpose.
• Contract: The processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation: The processing is necessary for compliance with a legal obligation to which the controller is subject.
• Vital interests: The processing is necessary to protect the vital interests of the data subject or of another individual.
• Public task: The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• Legitimate interests: The processing is necessary for the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.