Processing personal data—legitimate interests—practical examples

Copyright © 2025 LexisNexis
Published by a LexisNexis Risk & Compliance expert
Practice notes

Processing personal data—legitimate interests—practical examples

Copyright © 2025 LexisNexis

Published by a LexisNexis Risk & Compliance expert

Practice notes
imgtext

This Practice Note pulls together practical examples of situations where legitimate interests may be considered as the lawful ground for processing. These examples are taken from several sources:

  1. the Information Commissioner's Office (ICO) UK GDPR guidance and resources—Legitimate interests

  2. European Data Protection Board (EDPB) Guidelines 1/2024 on processing of Personal data based on Article 6(1)(f)

  3. WP29 (now EDPB) Opinion on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC—this predates the EU General Data Protection Regulation (EU GDPR), but Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) are stated to build on this earlier Opinion

According to the ICO, EDPB guidelines are no longer directly relevant to the UK regime and are not binding under the UK regime. However, they may still provide helpful guidance on certain issues.

Lawful grounds for processing personal data under UK GDPR

You cannot simply process personal data because you wish to do so. You can only process personal data if you satisfy one of the conditions set

Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Key definition:
Personal data definition
What does Personal data mean?

Personal data means data relating to a living individual who can be identified from such data, either alone or with other information in the data controller’s possession. It includes opinions about, and intentions in relation to the data subject.

Read more readmore

Popular documents

UK GDPR—the basics

UK GDPR—the basicsThis Practice Note explains, in simple terms, the key features of the UK General Data Protection Regulation (UK GDPR). See also Precedent: Data protection quick reference guide.This Practice Note is intended for non-privacy specialists and there are separate, more detailed,

How do I calculate the time limit for responding to a data subject request?

How do I calculate the time limit for responding to a data subject request?The General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR) provides for enhanced rights for data subjects, including providing rights of access, rectification, erasure and restriction of processing, data

Data subject access request form

Data subject access request formPlease complete this form if you wish to request access to your personal data. You do not have to use this form, but it will help us to deal with your request as quickly and effectively as possible if you do.You can also use this form if you are requesting access to

Data protection officer—DPO—job description and role profile

Data protection officer—DPO—job description and role profile1DPO detailsName of organisation[Insert name of organisation]Name of DPO[Insert name]Reports to[Insert name and/or position]Full time/part time[Insert]Details of any other roles held within the organisation[Insert details of any other roles