What is the GDPR Legal Basis for Processing?

Lawrence Bonk Profile image

Written by:

Updated January 6, 2023

If you are new to the strange world of online privacy, you may wonder what is the GDPR’s legal basis for processing. Many of the best websites and online retailers, after all, have adopted some practices that impact consumer privacy, which is where the GDPR and its consumer protections come into play. So what is the GDPR, what is the legal basis for processing, and how do these laws help average consumers? Keep reading to find out.


  • The General Data Protection Regulation, or GDPR, is a suite of consumer privacy laws for EU citizens with sufficient guarantees of a supervisory authority and protection authorities.
  • The GDPR dictates that companies have a legal obligation to process data with third parties in strict instances.
  • Companies may engage in processing activity when requested by the consumer or when they have official authority on a lawful basis to protect consumer data.

What is the GDPR?

Before learning about GDPR data subjects, it is helpful to understand the GDPR itself. The General Data Protection Regulation, or GDPR, is a suite of consumer privacy laws developed for residents of the European Union (EU.) These rulings pertain to information related to natural persons within the region, so anonymous accounts are not protected by this law, though many use this law to learn if cookies slow down your computer, among other queries.

Insider Tip

These comprehensive regulations are only available to customers residing in the European Union.

Like California’s CCPA law, this ruling allows consumers to request that companies refrain from selling personal data and issue deletion requests if companies violate the aforementioned regulations. There is no GDPR equivalent for the entire US market, though certain states have their own versions if you are comparing the California Consumer Privacy Act vs the GDPR.

What is the Legal Basis for Processing?

This terminology refers to the legal instances in which companies can disperse private information to data processors. These instances are limited and typically tied to user permission and consent. However, there are other scenarios in which it is legal for a company to process personal data via a third party.

Protecting Privacy

In some instances, it helps protect user privacy by sending out personal information to a third party that may conduct an information audit to find any hidden paper trails where the sanctity of data was previously violated.

Conducting Business

If a company must share private information with a third party in order to complete work initiated by the consumer, then that holds up as grounds for legal processing. This can be as simple as coordinating with other retailers to find the best price for the desired item.

STAT: There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual. (source)

Consumer Request

As previously indicated, a consumer can request a company to share their information with a third party for a wide range of reasons, such as tracking down unlawful data brokers.

Lawrence Bonk Profile image