Legality of data processing

Processing of personal data in accordance with GDPR

Each entity and organization that processes personal data is based on one of the legal bases for processing. GDPR in Article 6 presents several grounds for data processing. Their use depends on the type of data and its classification. GDPR defines two types of data. The first one is called ordinary data and the second one is called special category personal data.

The processing of ordinary personal data may be based on the following grounds:

  • based on CONSENT (Article 6(1)(a) of the GDPR),
  • based on the AGREEMENT (Article 6(1)(b) of the GDPR),
  • pursuant to LAW (Article 6(1)(c) of the GDPR),
  • in order to PROTECT VITAL INTERESTS (Article 6(1)(d) of the GDPR),
  • in order to carry out a PUBLIC TASK (Article 6(1)(e) of the GDPR),
  • in order to pursue LEGAL INTEREST (Article 6(1)(f) of the GDPR).

Processing of special categories of personal data:

  • based on CONSENT (Article 9(2)(a) of the GDPR),
  • pursuant to LAW (Article 9(2)(b) of the GDPR),
  • Courts,
  • Health prevention.

Using the GDPR Risk Tracker tool, the user obtains information about whether his or her activities meet the legality principles by answering a series of targeted questions.

GDPR Risk Tracker and legality rules

The GDPR Risk Tracker application allows the user to verify whether the processing activities performed by organizations comply with the processing rules arising from the GDPR. Based on a set of selected and carefully selected questions, our tool allows you to determine whether the Administrator meets the legality rules.

The questions are formulated in such a way that their structure allows for a better and more detailed description of the circumstances affecting specific aspects of the proper processing of personal data. The questions generated by the GDPR Risk Tracker allow the user to understand and learn about the aspects that he or she needs to pay attention to in order to be able to say with reasonable confidence that he or she is correctly processing data in the activity. Thanks to this design of our system, the user can fully concentrate on providing the correct answers, as he does not have to create the entire picture of the processes' operation on his own. This form is much more effective, transparent and reliable compared to creating entire processes and defining them yourself.

Knowledge and experience of experts

The application user can rely on the knowledge of experts creating our tool at every stage of his work with GDPR Risk Tracker. Experience gained during implementations carried out over the last dozen or so years, case studies and reference to the relevant standards included by ISO. It allows the user to focus solely on entering data and answering questions asked by our Data Protection Risk Analysis and Impact Assessment (DPIA) application. All activities undertaken within our tool allow for verification of GDPR compliance of current and future processes taking place in the organization represented by the user or users.

Other lists and registers Nature of processing