Page Contents

Answer

As a company/organisation, you often need to process personal data in order to carry out tasks related to your business activities. The processing of personal data in that context may not necessarily be justified by a legal obligation or carried out to execute the terms of a contract with an individual. In such cases,  processing of personal data can be justified on grounds of legitimate interest.

Your company/organisation must inform individuals about the processing when  collecting their personal data.

Your company/organisation  must also check that by pursuing its legitimate interests  the rights and freedoms of those individuals are not seriously impacted, otherwise your company/organisation cannot rely on grounds of legitimate interest as a justification for processing the data and another legal ground must be found.

Example

Your company/organisation has a legitimate interest when the processing takes place within a client relationship, when it processes personal data for direct marketing purposes, to prevent fraud or to ensure the network and information security of your IT systems.

References