New guidance on using Legitimate Interest legitimately for GDPR

11-Jul-2017 11:34:00 / by Lara Bonney

Lara Bonney


People have many questions regarding Legitimate Interest in connection with the General Data Protection Regulation. Answers to these can be found in the recently published Guidance on the use of Legitimate Interests under the GDPR.

Developed by the Data Protection Network and welcomed by the Information Commissioner’s Office, this gives guidance as to which circumstances Legitimate Interest may apply to.

I advise everyone to read this Guidance. In partcular, I'd like to highlight some key elements:


1. Legitimate Interest is acceptable for processing personal data

The Guidance reiterates that Legitimate Interest is one of the six lawful grounds for processing personal data. All six have an equal legal basis.

It also makes clear that "A direct relationship with the individual is not essential for relying on Legitimate Interests although the requirement to inform individuals that you have obtained their data from a Third Party would have to be taken into consideration."


2. Legitimate Interest can be used for direct mail from third parties

The Guidance provides helpful examples to illustrate where a Data Controller may consider the use of Legitimate Interest for processing personal data. One of these directly related to catalogue marketing:



A catalogue company adds details to its online order forms which indicate that it shares data with other cataloguers. The purchaser can opt-out of this sharing and the cataloguers are listed in the Privacy Statement.


 Although this guidance states end-user cataloguers need to be listed, this is currently being questioned in the guidance around Consent. Our advice for now is to be explicit about the categories the cataloguers operate in (e.g. Food & Wine, Clothing etc.). In terms of the Abacus Alliance, these would be: clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors. 


3. A layered approach to providing consumers with information is acceptable

When informing individuals about the processing of their data, this has to be “…..explicit, clear and separate from other information.” The guidance recognises this could result in notices becoming too detailed and difficult to understand.

To avoid this in an online environment, it suggests you can use a ‘layered’ approach. Here, you can provide links for individuals to click on to access more detailed information should they wish to. Page 16 of the Guidance provides an example of how this can work. 

 The publication of this Guidance is a big step forward. It begins to provide clarity around this issue in the same way the Consent guidance does. Although this may not be the final version, it is very helpful in preparing for GDPR as it answers many of the questions that are being raised.    


Want to find out more about the GDPR?  This is an area we’ll be covering at our October Insights Conference. To book your place, please click here.


View GDPR resources





Lara Bonney

Written by Lara Bonney

A data pioneer, who has lived and breathed the power of data-driven marketing throughout her career. Managing Director, mother of three, industry speaker and the GDPR go-to person for Abacus Alliance members.