Whether you need to require the recipient of the document to consent to the processing of data depends on whether the specific processing of personal data requires such consent. Basically, we suggest using the range of legal grounds for processing provided by the General Data Protection Regulation, which can be found in Art. 6 sec. 1 GDPR, i.e.
- the data subject has given consent to his or her personal data being processed for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for the purposes of compliance with a certain legal obligation to which the Data Controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The use of the legal basis for processing in the use of the Autenti Platform depends on the purposes for which the data is processed.