2LRN4 security awareness platform
NL · EN
← Back to overview

Legal Bases of the GDPR

The General Data Protection Regulation (GDPR) states that personal data may only be processed if there is a valid legal basis. In practice, this is one of the most misunderstood aspects of privacy legislation. Many employees are unsure when processing is permitted and unintentionally make mistakes.

In the e-learning Legal Bases of the GDPR, participants receive a clear and practical explanation of the six legal bases for processing personal data. The course shows that privacy is not about prohibitions, but about making informed decisions beforehand.

The six legal bases covered are:

  • consent
  • performance of a contract
  • legal obligation
  • vital interests
  • task carried out in the public interest
  • legitimate interest

Using realistic examples, employees learn when each basis applies. For instance, why invoices must be retained for seven years, why payroll administration falls under legal obligation, and why public camera surveillance is based on public interest.

The course clearly explains that a legal basis cannot be chosen retroactively. It must be determined in advance, as individuals have the right to know why their data is being processed. It also explains what happens when consent is withdrawn and why implicit consent is never valid.

Attention is also given to the information obligation. Organisations must clearly communicate which legal basis they use, for example through a privacy statement. The course explains how this obligation relates to data subject rights, such as the right of access and the right to be forgotten — and why the latter does not always apply.

With clear questions, practical scenarios and straightforward explanations, this e-learning helps employees apply GDPR rules correctly in their daily work.

What will participants learn?

After completing this course, participants will:

  • understand the six legal bases of the GDPR
  • know when personal data processing is allowed
  • be able to select the correct legal basis in advance
  • understand why consent is not always the best option
  • know what the information obligation entails
  • understand the consequences of withdrawing consent

Who is this course for?

This course is suitable for:

  • all employees handling personal data
  • organisations strengthening GDPR compliance
  • teams aiming to improve privacy awareness
  • employees without a legal background

Why this course is relevant right now

Many GDPR violations result from uncertainty about legal bases. Training employees on this topic reduces compliance risks, prevents complaints and fines, and strengthens trust with customers and stakeholders.