Introduction to Legitimate Interest and direct marketing

14 May 2018 by Sadie Burgess

With GDPR only moments away you need to have all your ducks lined up and standing to attention. We have talked a lot about various aspects of the regulations over the past weeks, and this time we turn our attention to the lawful ground of legitimate interest.

But first a quick recap

What are the six lawful grounds for data processing?

Article 6.1 of the GDPR defines the lawful grounds for data processing as follows:

  • Consent of the data subject
  • Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
  • Processing is necessary for compliance with a legal obligation
  • Processing is necessary to protect the vital interests of a data subject or another person
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject. (Note that this condition is not available to processing carried out by public authorities in the performance of their tasks.)


Of these 6 defined grounds, no single basis is better or more important than the others. But we, as marketers, will chiefly be interested in the grounds of legitimate interests and consent.

The decision on the lawful ground on which to process the data is a key one and must be taken seriously, as you need to document it prior to processing. You also need to take care to get it right first time, as you should not swap to a different lawful basis at a later date without good reason.

Legitimate interest and direct marketing

The GDPR states, ‘the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.’ Couple this with the requirements of PECR (Privacy and Electronic Communications Regulations) and you have a detailed set of practices to abide by, particularly if you are only concerned with B2B communications.

It is best to consider each communication in turn. For example, in the B2C world an abandoned-basket reminder email could be considered under legitimate interest, whereas a general newsletter would more likely need consent. So how do you decide?

Whilst consent is cut and dried (you either have it or you don’t), legitimate interest is a little more complex and can be broken into 3 parts:

1. Purpose test – are you pursuing a legitimate interest?

2. Necessity test – is the processing necessary for the purpose?

3. Balancing test – do the individual’s rights override the legitimate interest?

All of this needs to be documented before processing takes place, as a legitimate interest assessment (LIA). Legitimate interest is most likely to be the appropriate basis when you use data in a way that people would reasonably expect and that has minimal privacy impact, and where people would not be surprised or likely to object. If you choose legitimate interest, you take on the extra responsibility for ensuring that people’s rights and interests are fully considered and protected.

For more information, the ICO has published detailed guidance on Legitimate Interests, and the Data Protection Network has also published industry-led Legitimate Interests Guidance, which includes examples of where Legitimate Interest may apply and an LIA template.

Tags: consent legitimate interest data processing