Meeting minutes
Legal basis categories in DPV
Do we stick with those mentioned in GDPR Art.6(1) or are there other ones we are missing?
Contract, Consent, LegalObligation or LegalCompliance, PublicInterest, VitalInterestOfIndividuals, LegitimateInterestOfController
Georg: in some jurisdictions, everything is permitted unless prohibited by law
So we stick to the 6 categories, and where legal basis doesn't apply or fit, the use-case can opt to not to declare it
1) Consent (not given but only Consent)
2) Contract
Top-level: contract as concept
specialisation can be for contract-performance
contract-negotiation: ???
relationship with Controller-Processor Agreement - is it a contract? Does it fit under the "Contract as LegalBasis" narrative
EnterIntoContract and ContractPerformance as sub-classes of Contract
objections, further thoughts welcome on this
related GDPR clauses: Art.6(1-b) and Rec.44
3) LegalObligation or LegalCompliance - which do we use and how they relate
We can transcribe GDPR Art.6(1-c) as ComplianceWithLegalObligation
Someone may need to: Comply with legal obligations, Demonstrate compliance with legal obligation
current agreements seems to have consensus on ComplianceWithLegalObligation
next time we continue with this and other remaining legal basis
Next Meeting
21 Apr 2021 13:00 WEST / 14:00 CEST