Javascript is required

Legitimacy of processing

Paul-Emmanuel Bidault
Paul-Emmanuel Bidault
27 December 2023·2 minutes read time

Article 5 of the GDPR states that data processing must have a legitimate purpose.

Legitimacy is part of a broader framework than the 6 legal bases for processing personal data.

The legitimacy of the processing is understood as compliance with the rules applicable in the context of the processing.

In fact, the purpose of processing must not only comply with the rules of the GDPR, but also with the other rules covering the activity carried out by the processing (in particular, employment law, contract law, consumer law).

These rules may come from different sources: decree, law, international standards, custom, case law, etc.

For example, processing whose purpose is to give discounts to customers with a "coloured" sounding name and to charge more to customers with an Asian sounding name cannot be legitimate. In fact, the processing leads to discrimination, the prohibition of which, although not provided for by the GDPR, is contrary to fundamental rights.

Subscribe to our newsletter

We will send you a few emails to keep you informed of our news and what's new in our solution

* You will always be able to unsubscribe on each newsletter. Learn more.