Further Reading: Legitimate interests

Legitimate interest is a lawful basis where processing is:

  • necessary
  • for your business’s legitimate interests, or those of a third party
  • provided those interests do not override the fundamental rights and freedoms of the individual concerned

Those interests may be commercial interests, individual interests or broader societal benefits, and may include marketing and processing necessary in the detection of fraud.

Public authorities can only rely on legitimate interests if they are processing for a legitimate reason other than performing their tasks as a public authority.

For every legitimate interest a Legitimate Interest Assessment (LIA) is required in order to:

  • identify the legitimate interest (is it fair, is it lawful, is there transparency)
  • demonstrate that the processing is necessary to achieve that legitimate interest
  • balance the interest against the individual’s interests, rights and freedoms

The finding of the LIA needs to be recorded.


ICO practical guidance on Legitimate Interest with link to more detailed guidance, including a simple LIA

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/how-do-we-apply-legitimate-interests-in-practice/

Working Party Article 29 Opinion on Legitimate Interests 06/2014

https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf