A-Z of data protection - L is for ...

A-Z of data protection: terms you need to know

L

lawful basis / legal basis
• valid grounds or valid reason

lawfulness [EU] / legitimate purpose [PH]
• refers to the need for a lawful basis, or valid grounds, for collecting and processing personal data. Some lawful bases identified by the GDPR and the Philippine DPA include the fulfilment of a contract, compliance with a legal obligation, protection of a person's vital interests, protecting public interest, or for any other legitimate interest / legitimate business interest. A data subject’s consent is also lawful bases for processing.
• Lawfulness is part of the first principle of the GDPR for processing personal data (lawfulness, fairness, and transparency)

least privilege
• a type of security control in information security wherein access is only given to individuals who need it to perform their job

legitimate interest / legitimate business interest [EU/PH]
• legitimate interest may be a lawful basis for processing, provided that these interests do not override the fundamental rights and freedoms of the data subject, and that the personal data is used only in ways the data subject would reasonably expect

limiting use / limitation
• personal data should not be used for purposes other than for which it was collected, unless the data subject has given consent, or unless required by law

linkability
• the extent to which identifiers from one data record can be linked to other datasets or information to determine the identity of an individual

local governance
• refers to a system of governance where power is decentralised. People in lower levels of the organisation are given the authority to make decisions