Which of the following are available lawful basis under GDPR?  CO2Select one or more:a.Contractual Obligation (Controller and Data Subject)b.Data subject Interestc.Controller and processor contractd.Vital Interest

The lawful bases for processing personal data under the General Data Protection Regulation (GDPR) include:

a. Contractual Obligation (Controller and Data Subject): This is a lawful basis if you need to process personal data to fulfil your contractual obligations with a data subject, or because they have asked you to do something before entering into a contract (like provide a quote).

b. Data Subject Interest: This is not a recognized lawful basis under GDPR. However, there is a similar concept called "Legitimate Interests". This can be used as a lawful basis if you have a genuine and legitimate reason (including commercial benefit), unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

c. Controller and Processor Contract: This is not a recognized lawful basis under GDPR. The relationship between a controller and a processor needs to be established by a contract, but it's not a lawful basis for processing.

d. Vital Interest: This can be a lawful basis for processing personal data, but it is very limited in its scope. It generally only applies to matters of life and death, for example if an individual’s medical history is disclosed to a hospital’s A&E department treating them after a serious road accident.

So, the correct answers are a. Contractual Obligation (Controller and Data Subject) and d. Vital Interest.