Fatskills
Study Guide: Legal Basis of Data Processing: Match the Scenario (GDPR)
Source: https://www.fatskills.com/data-privacy-laws-and-regulations/chapter/legal-basis-of-data-processing-match-the-scenario-gdpr

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.


Under GDPR, you cannot just collect data because you want to. You must have a "Lawful Basis." Here are the six bases, matched to real-life scenarios.

The Six Bases (The Tools in the Box):

  1. Consent: The person said "Yes, you can use it for this specific thing."

  2. Contract: You need the data to fulfill a deal (e.g., ship a product).

  3. Legal Obligation: The law says you have to collect and keep this data.

  4. Vital Interests: It's a life-or-death emergency.

  5. Public Task: Official authority (usually for government bodies).

  6. Legitimate Interests: You need it for your business, and it doesn't unfairly harm the person's rights.

Match the Scenario to the Basis:

Scenario A: The Online Purchase
A customer enters their home address and credit card details on an e-commerce site to buy a pair of shoes.

  • The Basis: Contract. You cannot ship the shoes without the address, and you cannot take payment without the card details. This processing is necessary for the contract.

Scenario B: The HR File
An employee gets hired. The company asks for a copy of their passport and their previous salary slips to set up payroll and verify their right to work.

  • The Basis: Legal Obligation. The company is legally required to verify right-to-work documents. It is also legally required to pay the employee correctly and report taxes. It's not about "asking nicely"; it's the law.

Scenario C: The Security Camera
A shopping mall installs CCTV cameras to prevent crime and ensure shopper safety. They put up signs at the entrance saying "CCTV in operation."

  • The Basis: Legitimate Interests. The mall has a legitimate interest in protecting its property and ensuring a safe environment. It balances this against the shopper's privacy by using signs and limiting camera placement (not in changing rooms).

Scenario D: The Medical Emergency
An ambulance rushes an unconscious person to a hospital. The doctors need to access their medical history or blood type to save them, but the patient cannot consent.

  • The Basis: Vital Interests. The processing is necessary to protect someone's life.

Scenario E: The Marketing Email (No Purchase)
A website has a pop-up: "Sign up for our newsletter for 10% off." The user ticks the box. The company then sends them weekly emails.

  • The Basis: Consent. The user took a clear, affirmative action to opt in. The company must keep records of this consent and allow easy opt-out.

Scenario F: The Bank's Legal Duty
A bank notices a series of strange transactions that look like money laundering. They freeze the account and report the customer's data to the financial crime agency.

  • The Basis: Legal Obligation (or Public Task). Anti-money laundering laws force the bank to do this. They don't need the customer's permission.