We are pleased to note that the ICO have now produced a document which confirms what we at Lawgistics have been saying for many months and that is that legitimate interest is a business friendly ground for processing data.
As we have previously advised, business do not need to jump through the consent hoops and reviews to continue to market to existing customers. To reiterate, garages can continue to send MOT reminders to their customer base as long as they offer the customer the option to opt out in every email or text. Further, it is absolutely fine to take a customer’s details and call them back – no separate consent is required, the customer has called you and so is expecting a call back.
The trick to staying on the right side of legitimate interest is to consider the 3 part test which in plain English requires you to consider:
- why do you want to process the data in question?
- will processing the data help you achieve your purpose and is there a less intrusive way to achieve it?
- would the data subject reasonably expect you to be using their data in this way?
An employer may ask for next of kin details from their employee so they know who to contact in an emergency. There is no need to ask the individual next of kin for their consent to hold their personal data as it is not unreasonable for such details to be held for health and safety reasons. There is no less intrusive way to be able to contact a relative after an emergency, the impact is minimal and only the Line Manager and Directors will have the details.
A car dealer has a problem customer and seeks help from Lawgistics. The car dealer is entitled to seek specialist legal advice and only provides the customer data relative to the case. It is entirely reasonable for a business to seek advice and the customer’s details are looked after by Lawgistics who are GDPR compliant meaning there is minimal risk to the customer (except that they are likely to lose their case of course!).
The key is giving the matter some thought. If it can reasonably be justified, then legitimate interest is your ground of choice – much less hassle and for marketing to existing customers, more likely to keep your marketing list alive as asking for consent may well end up with a limited response.
So in summary, legitimate interest is your friend but like all good friendships, it shouldn’t be abused.
Nona has published many legal updates on GDPR and will be conducting workshops at the forthcoming CarDealer Magazine Expo 2018.