Processing personal data—legitimate interests
Published by a LexisNexis Risk & Compliance expert
Practice notesProcessing personal data—legitimate interests
Published by a LexisNexis Risk & Compliance expert
Practice notesThis Practice Note explains the scope for relying on legitimate interest as a lawful ground for processing personal data under the UK General data protection Regulation (UK GDPR). It is based on the requirements of the UK GDPR, together with
- •
detailed guidance from the Information Commissioner’s Office (ICO): legitimate interests under the UK GDPR, and
- •
European Data Protection Board (EDPB) Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR—according to the ICO, EDPB guidelines are no longer directly relevant to the UK regime and are not binding under the UK regime, however they may still provide helpful guidance on certain issues
For guidance on conducting a legitimate interests assessment (LIA), see Practice Note: How to conduct a legitimate interests assessment. See also Precedent: Legitimate interests assessment—data processing and Legitimate interests assessment flowchart.
Why is this important?
You cannot simply process personal data simply because you wish to do so. You can only process personal data if you satisfy one of the grounds set out in UK GDPR, Art 6(1). These are commonly
To view the latest version of this document and thousands of others like it,
sign-in with LexisNexis or register for a free trial.