India, Feb. 6 -- When European regulators designed the General Data Protection Regulation (GDPR), they understood something fundamental about how modern economies function: consent alone cannot carry the weight of an entire privacy framework.

People sign contracts, make purchases, open bank accounts, accept employment, and engage in countless transactions where data processing is necessary regardless of whether they explicitly agree to each processing activity.

The GDPR therefore provided six distinct lawful bases for processing personal data, recognising that consent is appropriate for some contexts but wholly impractical for others.

An organisation under GDPR can process data because the individual consented, but it can equally proce...