I was asked after the previous article on GDPR about the ‘Balancing Test for Legitimate Interest’. This is coming up a lot. The reason is that there are six available lawful bases for processing personal data, and ‘legitimate interests’ is the most flexible of these, able to cover most marketing activities.
The legislation requires that we undertake a test, to determine if on balance, using someone’s personal data is not outweighed by their own interests. The GDPR clearly says that direct marketing is a legal reason for using data. So for each activity where we use data (e.g. sending out sales material), the Information Commissioner’s Office says that we need to:
- Identify a legitimate interest;
- Show that the processing is necessary to achieve it; and
- Balance it against the individual’s interests, rights and freedoms.
Already starting to switch off? Stick with it. At the bottom of this article from the Direct Marketing Association, there’s a link to a guidance document which is well worth reading. In that document is a template for a Legitimate Interests Assessment. It looks quite long, but not all of it will be applicable to every marketing exercise. Complete this and you’ll have covered the three requirements above.
(Please note that you should take legal advice on this – the above is only my own interpretation)