Legitimate Processing Criteria
To process data in compliance with EU data protection law, a controller must be able to base the processing activity on at least one legitimate criteria derived from the Data Protection Directive. These criteria are consent, necessity, contract requirement, legal obligation, protection of data subject, public interest and legitimate interests of the controller.
Reference(s) in IAPP Certification Textbooks: E93-100
Associated law(s): Data Protection Directive