uk-data-house uk-datahouse data-broker the-data-partnership GDPR consent legitimate interests

GDPR Consent and Legitimate Interests in B2B Companies

What is Difference between Consent and Legitimate Interest?

‘Consent’ or ‘legitimate interest’ are the two legal bases for processing that are likely to be of interest to marketers. It’s possible that under certain circumstances, consent might be required for marketing data processing, but for most situations, ‘Legitimate Interest’ will be most suitable. 

Estimated reading time: 4 minutes

Do You Need Consent for Legitimate Interest?

Frequent questions revolve around the re-consent of data and usually involve the best way of getting around this problem. You should decide which way to go based on need. If consent is the best way to go, it should be because your use of data presents a risk to the rights and freedoms of the individual. It is more about making sure that you are on the right lines of a legal basis.

Another question is that if we re-consent our whole database, will we become GDPR compliant?

Yes, true, you will become GDPR compliant. However, you are likely to lose the large majority of your database during this. As well as a large percentage of your revenue, and then only have ICO consent to send out marketing communications. Also, we have seen hundreds of companies asking us (another business) to consent to their marketing, even businesses that we have never dealt with. Therefore people think they have no other choice than to re-consent their whole database. But there are other options to remain GDPR compliant.

How do You Stay GDPR Compliant…

GDPR compliance requires companies to clearly define their data privacy policies and make them easily accessible. They must explain how they engage in data processing of personal data and what they do with it.You could be held accountable for their compliance under the General Data Protection Regulation.

This list is the processing that GDPR covers. It is the activity that you are likely to be undertaking in a business-to-business scenario using legitimate interests under the Data Protection Act. The confusion is more stemming from electronic marketing such as emails, SMS and social media’s.

However, you still do have some work to do. Don’t just sit back and relax, thinking there is nothing for you to do. The two legal bases for processing that are likely to be of interest to marketers are ‘consent’ and ‘legitimate interests. In most situations, ‘legitimate interest’ will be most suitable, and under certain circumstances, ‘ data consent under GDPR’ may be required for marketing and data processing. Therefore the choice of the basis is very important as choosing the wrong basis will cause you to find it difficult to meet the needs of that basis.

Is GDPR Consent and Legitimate Interests still Relevant?

Yes, in some cases, but you need to apply the three-part test and ensure that you comply with other marketing laws. Recital 47 of the UK GDPR says: ‘’The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” 

If this is the case, then it is likely that ‘legitimate interests could be the way for you to go.

The Data Protection Network (DPN) Guidance

The Data Protection Network (DPN) has kindly produced some quality content and guidance on legitimate interest. Which includes a template to help you with the legitimate interest assessment. To sum it up;

  • Figure out what data you have and what you are using and can use it for.
  • Apply the test using the template in the DPN guide.
  • Make your decision. Can you justify using legitimate interest, or will it require consent?

Making the right choice is based on need. Furthermore, if consent is the best way to go, then this should be because your use of the data presents a risk to the rights and freedoms of the individual. But if this isn’t the case and your legitimate interest assessment says to use legitimate interest, then you can use it.

There is no need to put your business through unnecessary pain and stress and customers through unnecessary inconvenience if you don’t need to.

For further reading, this article from the Institute of Data and Marketing is a great resource. 

If you are still unsure find more GDPR resources, here. 

If you have any questions or want to make an enquiry, please contact us by calling the number above or fill out our contact form to request a callback

Scroll to top