Legitimate interest is a lawful basis where processing is:
those interests may be commercial interests, individual interests or broader societal benefits and may include marketing and processing necessary in the detection of fraud
Public authorities can only rely on legitimate interests if they are processing for a legitimate reason other than performing
their tasks as a public authority
For every legitimate interest a Legitimate Interest Assessment (LIA) is required in order to:
The finding of the LIA needs to be recorded
References:
ICO practical guidance on Legitimate Interest with link to more detailed guidance, including a simple LIA
Working Party Article 29 Opinion on Legitimate Interests 06/2014 https://ec.europa.eu/justice/article-29/documentation/opinion- recommendation/files/2014/wp217_en.pdf