While you may read a lot regard consent in relation to the General Data Protection Regulation (GDPR). However, this is not the sole reason organizations can process personal data. There is also legitimate interest to be considered. This will all have to be reviewed and accounted for before the May 25 2018 date when GDPR becomes enforceable.
Detailed guidance regarding legitimate interest is not yet published. However, there are some simple facts that it is vital for businesses to be aware of.
What is Legitimate Interest?
Legitimate interest is when a business or group can argue that it has a legitimate reason for processing the personal data of a person. This can be with or without the consent of a person, depending on the situation in question. It is vital to remember that the fundamental rights and freedoms of a person must always be considered when processing personal information.
For example, legitimate interest could be when a company uses personal data they already store for the purposes of direct marketing. Data that is received before May 25 2018 can be used for this reason, as long as it was given in a consensual way to begin with and the person can reasonably expect it to be used. If a business has any worries about whether legitimate interest is an adequate reason to process personal data, it is best to seek consent from the person.
Personal data can also be saved at the request of specific certain third parties; often for legal or financial reasons. If a business or organization processes personal data for this reason, they must to be certain that the personal freedoms of the person are always taken into account.
Legitimate interest is not always a valid reason for processing personal data, especially in relation to direct marketing. Any data protection worker who has oncerns about processing data in this manner should advise the person in question of the use for other reasons, such as the provision of consent by the person.