News 4
Processing personal data—legitimate interests
Published by a LexisNexis Risk & Compliance expert
Practice notesProcessing personal data—legitimate interests
Published by a LexisNexis Risk & Compliance expert
Practice notes
This Practice Note explains the scope for relying on legitimate interest as a lawful ground for processing personal data under the UK General data protection Regulation (UK GDPR). It is based on the requirements of the UK GDPR, together with
- •
detailed guidance from the Information Commissioner’s Office (ICO): legitimate interests under the UK GDPR, and
- •
European Data Protection Board (EDPB) Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR—according to the ICO, EDPB guidelines are no longer directly relevant to the UK regime and are not binding under the UK regime, however they may still provide helpful guidance on certain issues
For guidance on conducting a legitimate interests assessment (LIA), see Practice Note: How to conduct a legitimate interests assessment. See also Precedent: Legitimate interests assessment—data processing and Legitimate interests assessment flowchart.
Why is this important?
You cannot simply process personal data simply because you wish to do so. You can only process personal data if you satisfy one of the grounds set out in UK GDPR, Art 6(1). These are commonly
Access this content for free with a 7 day trial of LexisNexis and benefit from:
- Instant clarification on points of law
- Smart search
- Workflow tools
- 42 practice areas
Get your quote today and take step closer to being able to benefit from:
- Instant clarification on points of law
- Smart search
- Workflow tools
- 36 practice areas
Get a LexisNexis quote
* denotes a required field
To view the latest version of this document and thousands of others like it,
sign-in with LexisNexis or register for a free trial.
Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Related documents:
- BA’s long-awaited UK data-breach fine puts spotlight on security of remote-access networks
- Comment—Is UK trial of collaborative UK GDPR enforcement the genesis of a new regulatory model?
- Comment—UK ICO Chief Edwards advocates for guidance as well as enforcement in regulation of data
- EDPB Opinion 14/2019 and the drafting of Article 28 compliant clauses
Practice notes 6
- Data protection principles
- Data protection privacy notices—issues in employment
- DPA 1998 to GDPR comparison—accountability and governance [Archived]
- How to conduct a legitimate interests assessment
- Key definitions under UK data protection law
- The Data Protection and Digital Information Bill [Archived]
Precedents 1
Q&As 1
Key definition:
Processing definition
What does Processing mean?
Processing means obtaining, recording, holding, or carrying out any operation on personal data. It includes organisation or alteration; retrieval or use; disclosure and anonymisation, blocking or destruction. Most operations in relation to personal data will constitute processing.
CONTACT US
