Processing and transferring data

Copyright © 2026 LexisNexis

This subtopic explains and provides practical guidance on the six potential lawful grounds for processing personal data under the United Kingdom General Data Protection Regulation (UK GDPR) (Assimilated Regulation (EU) 2016/679), also known as the legitimate grounds or conditions for processing. It also provides practical guidance on specific issues such as:

  1. legitimate interest assessments

  2. direct marketing

  3. data processing in the employment relationship

  4. supply chains under data protection law

  5. data sharing between controllers

  6. processing children’s personal data

Lawful grounds for processing personal data

There are six potentially lawful grounds for processing personal data:

  1. the data subject has given consent to the processing of their personal data for one or more specific purposes

  2. processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract

  3. processing is necessary for compliance with a legal obligation to which you are subject

  4. processing is necessary to protect the vital interests of the data subject or another natural person

  5. processing

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

Risk & Compliance weekly highlights—15 January 2026

This week's edition of Risk & Compliance weekly highlights includes the latest Risk & Compliance monthly forecasts, the IASC’s proposal for UK forced labour and human rights legislation and a recent Admiralty Court judgment.

OFSI updates General Licence INT/2024/4423849 and related sanctions guidance to reflect revised oil price cap

The Office of Financial Sanctions Implementation (OFSI) has updated sanctions-related guidance and licensing materials following the announcement of a reduction in the crude oil price cap to $44.10 per barrel, which will take effect on 31 January 2026. The updates include amendments to General Licence INT/2024/4423849 to reflect the revised price cap, as well as updates to FAQs 154–158 and 161 in the UK Financial Sanctions FAQs to align with the new cap. The UK Maritime Services Ban and Oil Price Cap industry guidance has also been updated to reflect the revised price cap.

City law firm liable for £2m over partners AML oversight

Law360, London: A London court ruled on12 January 2026 that the liquidators of a property company can recover just over £2.1m from a City law firm after it found a partner had ignored obvious red flags of a client involved in fraud.

New Risk & Compliance forecast as at 13 January 2026

Our new Risk & Compliance forecast (as at 13 January 2026) is now live. This month we report on items including (1) new ICO items on data subject requests and personal data breach logging, (2) new proposals from the IASC for UK forced labour and human rights legislation, (3) progress on the Employment Rights Act 2025, (4) and updates relating to ICO’s guidance on automated decision making and profiling.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects including providing rights of rectification, erasure and restriction of processing, data portability, a right to object to processing and a

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a
Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects including providing rights of rectification, erasure and restriction of processing, data portability, a right to object to processing and a

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

Contributory negligence in personal injury claims

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a