What is the lawful basis for communication?
When creating a contact in Zoho Campaigns, you can assign topics to it. While doing so, you would've seen the "Lawful basis for communication" field under which you need to choose an option. You may be wondering exactly what these options are.
This field will appear if you've enabled GDPR compliance under Settings -> General -> Compliance settings.
There are six bases for communication as stated in the Article 6 of GDPR: Lawfulness of processing. These six are the ones listed in Zoho Campaigns.
When an organization wants to contact you by email, SMS, or phone they must have a valid lawful basis under the GDPR. These bases explain why it’s okay for them to process and send your data.
Consent
You have freely given specific permission for your data to be used. This means you actively opted in without any pre-ticked boxes or unclear agreements. You also have the right to withdraw your consent at any time.
Example: A newsletter sign-up form where you tick a box agreeing to receive marketing emails.
Legitimate Interest
An organization can process your data if it has a genuine and proportionate reason to do so, as long as that reason doesn't override your rights and freedoms.
Example: A company monitors network traffic on its systems to detect fraud or cyberattacks.
Contract
Your data can be processed when it's necessary to fulfill a contract you're part of, or to take steps before entering into one. The data is needed to deliver what you've agreed to.
Example: An online shop processes your delivery address and payment details to complete your order.
Legal Obligation
Sometimes organizations are required by law to process your data, as they simply have no say in the matter.
Example: An employer shares employee payroll data with a tax authority to comply with national tax law.
Vital Interest
This basis applies when processing someone's data is necessary to protect their life, or the life of another person. It's typically a last resort, used when consent can't reasonably be obtained.
Example: Emergency services access a patient's medical records when they arrive unconscious and unable to give consent.
Public Task
Public authorities and certain organizations can process data when it's necessary to perform a task in the public interest, or to exercise official authority granted to them.
Example: A local council processes residents' data to manage planning applications and public consultations.
There's one more option called Not Applicable which you can choose under the Lawful basis for communication field. As the name suggests, if the above six options aren't suitable, you can choose this option.