Lawfulness means that personal data may only be processed if this is done on a legal basis. This may be based on the consent of the data subject, for the performance of a contract, for compliance with a legal obligation or for the protection of vital interests. The processing must also be carried out in good faith and in a manner that is comprehensible to the data subject.
Transparency is a key aspect of lawfulness. Data subjects must be informed clearly and comprehensibly about how their data is collected, used and protected. This includes information about the identity of the controller, the purposes of the processing, the legal basis and the rights of the data subjects.

