A resource from: The Information Commissioners Office
“For processing to be lawful under the GDPR, you need to identify a legal basis before you can process personal data. These are often referred to as the “conditions for processing” under the DPA.
It is important that you determine your legal basis for processing personal data and document this.
This becomes more of an issue under the GDPR because your legal basis for processing has an effect on individuals’ rights. For example, if you rely on someone’s consent to process their data, they will generally have stronger rights, for example to have their data deleted.” – The Information Commissioners Office
The ICO’s guidance on the new data protection regulations set to come into force in May 2018 is fairly text heavy, but as they’re the enforcement body here in the UK their guidance is probably worth a read.
They provide a breakdown of numerous aspects of GDPR in a series of pages but this one looks at the legal basis for processing data – something that will affect any organisation which even stores personal data.
Its a big change and a lot to get your head around, but guidance straight from the horse’s mouth is a great place to head if you want to understand the intricacies of these new laws.