EU GDPR Art 6 – Global Relay Intelligence & Practice

EU GDPR Art 6

Sets out the lawful bases on which personal data can be processed. The lawful basis must be determined and documented before processing of the personal data begins.

Rule Overview

Jurisdiction: European Union

Regulator: ESMA

Topic: Data Protection

Overview

Rules in This Collection

Notable

Latest News

Further Reading

Processing of personal data is lawful for the following reasons only:

subject has given consent;
contractual necessity;
legal necessity;
protection of a person’s vital interests;
public interest; and
legitimate interest except where overridden by fundamental rights.

The last point does not apply to public authorities performing their tasks.

Where processing is not based on consent or legal sanction the controller needs to take into account:

link(s) between original collection purpose and intended further processing purpose(s);
context of original collection (relationship between subject and controller);
nature of the data;
possible consequences of intended further processing; and
existence of appropriate safeguards.

Rules in This Collection

EU GDPR Art 6 This Rule

Notable

CJEU makes landmark decision in Meta vs Bundeskartellamt

Privacy

CJEU makes landmark decision in Meta vs Bundeskartellamt

July 27, 2023

Judgment allows GDPR scrutiny through antitrust regulators and imposes limitations on personalized use of consumers’ personal data.

Verena Grentzenberg | DLA Piper, Philipp Schmechel | DLA Piper, Dr. Jonas Kranz | DLA Piper12 min read

Norwegian Data Protection Authority wins against Meta in court

Privacy

Norwegian Data Protection Authority wins against Meta in court

September 8, 2023

The Norwegian authority has put a temporary ban on the social media giant after its illegal behaviour-based marketing.

Martina Lindberg1 min read

Using data protection to counter bias in generative AI

AI

Using data protection to counter bias in generative AI

October 5, 2023

Practical steps to mitigate against bias and hallucinations when using and developing AI models.

Kirsten Ammon | Fieldfisher5 min read

Privacy

CJEU makes landmark decision in Meta vs Bundeskartellamt

Privacy

Norwegian Data Protection Authority wins against Meta in court

AI

Using data protection to counter bias in generative AI

Latest News More on EU GDPR

Data

Navigating data protection compliance in Africa’s top tech investment hubs

July 11, 2025

How data protection regimes in Nigeria, South Africa, Kenya, and Egypt affect investment structuring, technology deployment, and operational scalability.

Kuda Hove, Bridget Mafusire6 min read
Data

Datatilsynet reports 2024 as record year for new cases and data breaches

July 8, 2025

The authority issued its largest fine to date, and experienced an increase in reports of personal data breaches.

Martina Lindberg2 min read
Data

Administrative fines by Irish DPC down more than 50% in 2024

July 3, 2025

The DPC processed fewer new cases, but received an 11% increase in GDPR breach notifications.

Martina Lindberg3 min read
Data

Number of GDPR fines in EU healthcare steady, but average fine rises steeply

June 25, 2025

Deep dive into the life science and healthcare findings from the CMS GDPR Enforcement Tracker Report 2025.

Martin Kilgus | CMS4 min read
Privacy

OPINION: Will UK Online Safety Act be a toothless tiger in the battle against fraud?

June 13, 2025

As the digital landscape continues to evolve, social media platforms are empowering fraudsters to exploit the vulnerable and gullible.

Martin Kenney | MKS Law3 min read
$Vodafone fined for GDPR infractions in Germany$

Data

Vodafone fined for GDPR infractions in Germany

June 12, 2025

Failure to adequately monitor the work of third-party agencies and security deficiencies of online portal lead to a €45m ($51m) fine.

Thomas Hyrkiel1 min read
Privacy

European Commission proposes GDPR simplification for small mid-cap companies

June 11, 2025

Proposal to extend exemptions from GDPR record-keeping.

Clarisse Knaebel3 min read
Privacy

Navigating Africa's data privacy frontier

June 9, 2025

While the regulatory framework is currently fragmented, Africa holds a lot of unleashable potential.

Kuda Hove, Bridget Mafusire5 min read

Further Reading

ICO guide to lawful basis