What is the lawful basis for processing personal data and retaining it under the GDPR?
Under the General Data Protection Regulation (GDPR), every organisation that processes personal information needs to ensure it does so lawfully, fairly and transparently. Documenting your processes is essential. If you cannot demonstrate a lawful basis for processing before you start, any processing you carry out will necessarily be unlawful and you will be subject to the higher level of fines (up to €20m or 4% of annual global turnover – whichever is greater).
Full article is available to IT Faculty members and subscribers to Faculties Online