Processing is GDPR means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Under GDPR, organizations must process personal data lawfully, fairly, and transparently. To comply this principle, Chapter 6 of the GDPR requires any organization processing personal data to have a valid legal basis for that personal data processing operation. For example Consent is one of the six allowed methods.

The legal basis is the foundation for data processing under the GDPR. It means that if an organisation wants to process personal data, there is a need to identify specific legal grounds for the processing. There are six options:

1. Consent - like in cookie consent. In GDPR Article 4(11) consent is defined as : any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Contract - in case you use contract with you customers.
3. Legitimate Interest - for example use of personal data for fraud detection.
4. Vital Interest - for example in emergency medical care situations.
5. Legal Requirements - for example comlianace with money anti-laundering laws, taxes, etc...
6. Public Interest - processing required for public interest.