The GDPR mandates that data controllers must demonstrate a legal basis for data processing. The six legal bases for processing listed in the law are: consent, necessity, contract requirement, legal obligation, protection of data subject, public interest, or legitimate interest of the controller.
The right for individuals to correct or amend information about themselves that is inaccurate.
Data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization. According to NIST, this represents information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.GDPR refers to this as sensitive personal data that represents a mixture of private opinions and health information that falls into specialized, legally protected categories. Businesses must treat this data with the highest security.