GDPR Latest News



Under GDPR there are six grounds to process personal data, these are equally valid.

There are two of these which are relevant to direct marketing, consent or legitimate interest.

Astute Marketing Services have selected legitimate interest as the legal basis for processing personal data which is most appropriate to our business.  This is because the ICO have stated that:

“Using this basis for processing that is expected and has a low privacy impact may help you avoid bombarding people with unnecessary consent requests and can help avoid ‘consent fatigue’. It can also, if done properly, be an effective way of protecting the individual’s interests, especially when combined with clear privacy information and an upfront opportunity to opt out.”

And

 gdpr01 

Source:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/what-s-new-under-the-gdpr/

If you are processing data that Astute Marketing Services has provided after 24th May 2018 we would recommend that you evaluate whether you can use legitimate interest as your legal basis for processing the data as AMS data is not consent based.

What Is Legitimate Interest?

In essence, Legitimate Interest is what most B2B marketeers have been using since the 1998 Data Protection Act.  As the ICO state,

The role of legitimate interests as a potential lawful basis ( or condition) for processing under the 1998 Act and the wording is similar:”

gdpr02

Source:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/what-s-new-under-the-gdpr/

 

Recital 47 of the GDPR States that “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

Additionally, Article 6.1(f) of the GDPR states that the processing is lawful if it is:

“Necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual which require protection of personal information, in particular where the individual is a child”

When an organisation uses legitimate interests as the basis for processing, it is subject to appropriate balancing tests such as a Legitimate Interest Impact Assessment (LIA).

The Direct Marketing Association have stated the key conditions that must be met are that:

  • “The processing must relate to the legitimate interests of your business or a specified third party, providing that the interests or fundamental rights of the data subject do not override the business’ legitimate interest.
  • The processing must be necessary to achieve the legitimate interests of the organisation.”

Source:

https://dma.org.uk/uploads/misc/5aabd9a90feff-gdpr-essentials-for-marketers—-an-introduction-to-the-gdpr_5aabd9a90fe17.pdf

 

The Direct Marketing Association have also collaborated on industry guidance on Legitimate Interest with other partners and the results can be found on the data protection network website, www.dpnetwork.org.uk.  This includes an example template of a Legitimate Interest Assessment, which can be found in:

https://www.dpnetwork.org.uk/wp-content/uploads/2017/09/DPN-Guidance-A4-Publication.pdf

The ICO have also issued a Legitimate Interest Assessment Template, which is included in:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/how-do-we-apply-legitimate-interests-in-practice/

 

Further information on Legitimate Interest and the GDPR can also be found on the Direct Marketing Association Website:

https://dma.org.uk/article/seven-things-b2b-marketers-need-to-understand-about-gdpr

https://dma.org.uk/article/10-things-b2b-marketers-need-to-know-about-the-gdpr-and-data-protection

https://dma.org.uk/article/b2b-marketing-and-the-gdpr

Please note that this information is provided for general information only without prejudice. It does not constitute legal advice and cannot be construed as offering comprehensive guidance to the GDPR or any other applicable legislation such as the Privacy and Electronic Communications Regulation.