Processing personal data—legitimate interests

Copyright © 2025 LexisNexis
Published by a LexisNexis Risk & Compliance expert
Practice notes

Processing personal data—legitimate interests

Copyright © 2025 LexisNexis

Published by a LexisNexis Risk & Compliance expert

Practice notes
imgtext

This Practice Note explains the scope for relying on legitimate interest as a lawful ground for processing personal data under the UK General data protection Regulation (UK GDPR). It is based on the requirements of the UK GDPR, together with

  1. detailed guidance from the Information Commissioner’s Office (ICO): legitimate interests under the UK GDPR, and

  2. European Data Protection Board (EDPB) Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR—according to the ICO, EDPB guidelines are no longer directly relevant to the UK regime and are not binding under the UK regime, however they may still provide helpful guidance on certain issues

For guidance on conducting a legitimate interests assessment (LIA), see Practice Note: How to conduct a legitimate interests assessment. See also Precedent: Legitimate interests assessment—data processing and Legitimate interests assessment flowchart.

Why is this important?

You cannot simply process personal data simply because you wish to do so. You can only process personal data if you satisfy one of the grounds set out in UK GDPR, Art 6(1). These are commonly

Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Key definition:
Processing definition
What does Processing mean?

Processing means obtaining, recording, holding, or carrying out any operation on personal data. It includes organisation or alteration; retrieval or use; disclosure and anonymisation, blocking or destruction. Most operations in relation to personal data will constitute processing.

Read more readmore

Popular documents

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects including providing rights of rectification, erasure and restriction of processing, data portability, a right to object to processing and a

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an