Legitimate Interests and GDPR

Organisations need to know the “how, when and why”of Legitimate Interests under the General Data Protection Regulation

The Data Protection Network to offer new guidance for commercial and not-for-profit organisations on Legitimate Interests and GDPR

To offer support to the ICO in the run up to May 2018, and in the spirit of Industry and Regulator partnership, the Data Protection Network (DPN) has set up a Working Party, which includes the DMA, ISBA and cross-sector data protection and privacy specialists, to produce guidance for commercial and not-for-profit organisations on the use of Legitimate Interests under the General Data Protection Regulation (GDPR). An initiative that has been warmly welcomed by the Information Commissioner, Elizabeth Denham.

Guidance will include practical advice on:

• Understanding what Legitimate Interests are;
• Identifying areas of processing where Legitimate Interests may apply;
• Making Legitimate Interest Assessments (LIAs) that meet the crucial ‘Balance of Interests Condition’   threshold;
• Effectively and transparently communicating Legitimate Interests to consumers; and
• Supporting the individual’s right to object to processing under Legitimate Interests.

The guidance will cover a broad spectrum of uses of personal data to highlight potential risks and give clarity to individuals on why Legitimate Interests may be good for them as well as for businesses.

Members of the Working Party feel it is crucial for industry to step up and support the Regulator.

Robert Bond, Partner at Bristows LLP and Chairman of the Working Group said, “a cross-industry guide to using the Legitimate Interests condition to lawfully process personal data is both timely and necessary in order to support the work of the ICO in creating practical advice on consent and other lawful data processing mechanisms both now and under GDPR.”

Michael Bond, Data Protection Officer at GLH Hotels said, “the ICO has always been upfront in saying that it would need help from Industry to deliver practical and timely GDPR guidance. The message was clear; the ICO just wouldn’t have the time to do everything itself and Industry would need to roll up its sleeves and get stuck in. ISBA, DPN, and the DMA have dutifully listened to that message and turned up for work with a stellar line-up of experts”.

The DMA’s Managing Director Rachel Aldighieri said, “specifics for using legitimate interest are currently conspicuous by their absence from the ICO’s guidance. Marketers need to know the “how, when and why” of legitimate interests as a legal basis for contacting potential customers so they can better understand and better prepare their businesses to operate properly and compliantly under the GDPR from May 2018. The Information Commissioner, Elizabeth Denham, said she wants to work with industry to develop practical guides, which is why the DMA joined the Data Protection Network’s Legitimate Interests Working Party to work with the ICO and draft practical guides to help the industry.”