The Truth about GDPR Personal Data Laws and Legitimate Interest
We have been working with data for over 35 years so are well qualified to sift through the new Regulations to bring you the "Truth About GDPR".
In this new series of blogs we will bring you bite-sized chunks of invaluable information, but if you want to know more now then CONTACT US to get your FREE copy of our GDPR booklet.
With all the hype about consent in the new GDPR, it is easy to forget that consent may not be necessary. Here are the legal ways of using Personal Data:
Consent has been given, compliant with the new rules
For the Performance of a Contract, such as purchasing a property;
Necessary for Legal Obligation, for example, the obligations between an employer and an employee;
To Protect the Interests of the Individual;
Necessary for tasks within the Public Interest, such as law enforcement;
Legitimate Interest – If the company feels it has a legitimate reason to use the Data and that the Individual would reasonably expect it.
So what is Legitimate Interest?
Legitimate interest could be used as one of the legal bases for processing personal data by telephone or direct mail.
It takes into consideration the reasonable expectations of the individual, based on their relationship with the company, such as a client or customer. Using grounds of legitimate interests must be thought through carefully as it must take in the individual's expectations at the time and context of collecting the data.
Processing to prevent fraud is one of the ways legitimate interest can be used, it may also be used to transfer data between different groups of the same central body of a company.
Legitimate interest cannot be used in the case of public authorities or for processing children’s data.