Book a no obligation demo with one of our email experts. Discover how e-shot™ can help you:
One of our team will call you for a brief chat so we can cater the demo to your specific requirements and show you the relevant tools and features that will deliver you the best results.
14 May 2018 by Sadie Burgess
With GDPR only moments away you need to have all your ducks lined up and standing to attention. We have talked a lot about various aspects of the regulations over the past weeks, and this time we turn our attention to the lawful ground of legitimate interest.
But first a quick recap
What are the six lawful grounds for data processing?
Article 6.1 of the GDPR defines the lawful grounds for data processing as follows:
Of these 6 defined grounds, no single basis is better or more important than the others. But we, as marketers, will chiefly be interested in the grounds of legitimate interests and consent. Click here for more on consent
The decision on the lawful ground on which to process the data is a key decision and to be taken seriously as you need to document it prior to processing. And you need to take care to get it right first time as you should not swap to a different lawful basis at a later date without good reason.
Find out how a preference centre will help you comply with GDPR.
Click to tweet
Legitimate interest and direct marketing
The GDPR states, ‘the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.’ Couple this with the requirements of PECR (Privacy and electronic communications regulations) and you have a detailed set of practices to abide by, particularly if you are only concerned with B2B communications.
It is best to consider each communication in turn as for example in the b2c world an abandon basket reminder email could be considered under legitimate interest, whereas a general newsletter would more likely need consent. So how do you decide?
Whist consent is cut and dry, you either have it or you don’t, legitimate interest is a little more complex and can be broken into 3 parts;
1. purpose test – are you pursuing a legitimate interest
2. Necessity test – is the processing necessary for the purpose
3. Balancing test – do the individuals rights override the legitimate interest
All of which needs to be documented before processing takes place, as a legitimate interest assessment. Legitimate interest is most likely to be the appropriate basis when you use data in a way people would reasonably expect and has minimal privacy impact, and where people would not be surprised or likely to object. If you choose legitimate interest you take the extra responsibility for ensuring that people’s rights and interests are fully considered and protected.