GDPR Legitimate Interest is a lawful ground to process personal information

legal services to people
in business

Email: info@mmcloughlinsolicitors.com
Phone: +353 71 9134513
Mobile: +353 87 6674534

GDPR Legitimate Interest is a lawful ground to process personal information

Legitimate interest of your business or that of a third party is one of six lawful grounds that you can use to process personal information of a living individual under the General Data Protection Regulation.

Any guidance yet on legitimate interest?

UK guidance has been provided by the UK regulator ICO  and provides:


“It  [legitimate interest] is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.”

To read more on the ICO guidance go here

Existing European guidance from the Article 29 working group Opinion 06/2014  from 2014 is also worth considering for its interpretation of legitimate interest.

Legitimate Interest Assessment

To rely on legitimate interest an assessment should be carried out and documented before a business relies on the legitimate interest ground.


In order to rely on this ground we/ a third party must have:

(a) A legitimate interest;

(b) The processing is necessary for the legitimate interest; and

(c) After having carried out a balancing test, the legitimate interests of the individual do not override the interests of the business or a third party.

Examples

A legitimate interest may include the use of CCTV at a place of work for security purposes which must be balanced against the rights to privacy of the public and employees.

Prevention of fraud is another example.

IT security is another.

Recital 47 provides “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate purpose.”


However other existing law needs to be complied with including the ePrivacy Regulations.


Legitimate interest cannot be relied on if an individual’s right overrides it taking into consideration the reasonable expectations of the individual based on his relationship with the business (Recital 47).

Examples of where legitimate interest may arise include for customers and employees.

Reliance on a legitimate interest requires a careful assessment including whether the individual can reasonably expect at the time and in the context of the collection of the personal information that processing for a legitimate purpose may take place.

Using the legitimate interest ground requires careful consideration and a documented assessment before it is used.

To learn more please contact us.
 


 

Disclaimer

The material in this article is for general information purposes only and does not constitute legal or taxation advice. Specific legal and

taxation advice should be sought before acting. All information and taxation rules are subject to change without notice.

No liability whatsoever is accepted by M. McLoughlin & Co. for any action taken in reliance on the information in this article

Twitter

 


Book an appointment Downloads Subscribe Contact Us

Make Appointments

Subscribe to our newsletters

By signing up to the newsletter I consent to the use of my data to receive information relating to services, events, articles and information about the firm.