The DPN publishes its highly anticipated guidance on Legitimate Interest under the GDPR
In the face of tighter rules surrounding consent under the forthcoming GDPR, many organisations are looking to other legal grounds for the lawful processing of personal data.
Last year the ICO called for Industry support on the GDPR and the Data Protection Network (DPN) answered. Over the last few months the DPN’s GDPR working group has been working tirelessly, crafting guidance on Legitimate Interests that is designed specifically to help organisations take Legitimate Interests from concept to practice.
The Guidance has been made possible by contributions from the Direct Marketing Association, ISBA and representatives of some of the largest companies and institutions in the UK.
Under the new EU Regulation, organisations need to identify one of six lawful bases for the processing of personal data. In its Draft Consent Guidance published earlier this year, the Information Commissioner’s Office stressed that Consent should only be used when a genuine choice can be offered. If not, other grounds for processing should be considered.
Legitimate Interests is one alternative, but it needs careful consideration; the interests of an organisation must not be outweighed by the privacy rights and freedoms of individuals.
A draft of the DPN’s Guidance was submitted in the Spring to the Information Commissioner’s Office, and the initiative has been welcomed by both the ICO and the DPC in Ireland as an example of industry proactivity to support Regulators. The ICO will be publishing its own guidance in due course.
The DPN’s Guidance, includes:
- a template for conducting the crucial “3-stage test” – a Legitimate Interests Assessment (LIA)
- examples of where LI might apply (subject to an LIA)
- help on how organisations can fulfil the requirement to communicate the use of LI to individuals
Robert Bond, Chairman of the Data Protection Network and Partner & Notary Public at Bristows LLP said, “I am delighted that the Data Protection Network and other collaborators have been able to publish this Guidance. I appreciate the work of all involved and the Information Commissioner’s Office for valuable scrutiny and comment. This Guidance will be kept under review and updated as necessary.”
Rachel Aldighieri, Managing Director at the DMA said, “In order to prepare for GDPR in time for May 2018, businesses need to understand how, when and why they’re able to use legitimate interest as a legal basis for contacting potential customers. According to our latest GDPR & You research, one in four marketers are concerned about the issue of legitimate interest under the new rules. The ability for marketers to continue to use legitimate interest under the new laws was something the DMA lobbied firmly for, so it’s great to have guidance on this very important issue that has also been welcomed by the ICO.”
Phil Smith, ISBA Director General said, “GDPR is going to transform the marketing landscape dramatically. It is particularly important that there is clarity around how and when marketers can engage with audiences using Legitimate Interest. ISBA and our members were delighted to work with the DPN and DMA to produce this guidance. I am confident that it will help organisations reviewing their processes for the collection and use of data.”
For further information contact:
Robert Bond, Partner, Bristows LLP | Rosemary Smith, Owner, Opt-4 | Michael Bond, Data Protection Officer, GLH Hotels | Philippa Donn, Editor, DPN
E: firstname.lastname@example.org T: 0208 434 3596
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.