What are the legal grounds for processing personal data under GDPR?

The legal grounds for processing personal data under the General Data Protection Regulation (GDPR) are clearly defined to ensure that personal data is handled with respect and integrity. The correct option lists all six legal bases established by the GDPR: consent, contract, legal obligation, vital interests, public task, and legitimate interests.

Consent refers to the individual's agreement to process their personal data for specific purposes, and it must be freely given, specific, informed, and unambiguous. Contractual necessity allows processing when it is essential for fulfilling a contract with the data subject. The legal obligation ground enables processing when necessary for complying with a legal duty. Vital interests pertain to scenarios where processing is necessary to protect someone's life. Public task allows processing when it is conducted in the public interest or in the exercise of official authority. Lastly, the legitimate interests ground permits processing when a legitimate interest is pursued, except where this is overridden by the interests or fundamental rights and freedoms of the data subject.

The other options mentioned lack the comprehensive coverage required by the GDPR's framework. Financial gain and market analysis do not constitute legal grounds for processing; instead, the GDPR emphasizes the necessity of specific legal bases. Informal agreements and verbal consent do not meet the stringent requirements set for consent under