“This is so brilliant. It’s like Gardener’s Question Time for GDPR enthusiasts!”
When and how might you be able to rely on Legitimate Interests as the lawful basis for processing personal data for direct marketing purposes?
Recital 47 of the GDPR clearly states, “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” But be careful other rules may apply and for some direct marketing Consent may be a requirement. For example under the UK’s Privacy and Electronic Communications Regulations (PECR) Consent is required for email/SMS marketing to individuals (including sole traders and some partnerships), unless the “soft opt-in” exemption applies.
Robert Bond, Partner and Notary Public at Bristows LLP and DPN Chairman was joined for this webinar by Rosemary Smith, Owner of Opt-4 and co-founder of the DPN and Stephen McCartney, DPO at Pearson Global.
They discuss where Legitimate Interests might be appropriate, the controller-individual relationship, the ‘reasonable expectations’ of the individual and how to conduct an assessment.
We received so many questions during the webinar but just didn’t have enough time to answer them all. We will be publishing a Q&A in due course, to try and address a number of these.
The Data Protection Network (DPN) has published Guidance on Legitimate Interests under the GDPR, which was made possible by contributions from the DMA, ISBA and representatives of some of the UK’s largest companies and institutions. The guidance, which was warmly welcomed by the Information Commissioner’s Office, includes a template for Legitimate Interests Assessment (LIA).
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.