Introduction to this document

Example website wording for processing data relying on legitimate business interests

Even if you’re relying on a legitimate interest to undertake direct marketing, don’t forget that you must flag up very clearly that the data subject has the right to opt-out at any time. This example wording covers what you need to say.


What are legitimate interests?

If you are a private sector organisation, you can process personal data without consent if you have a genuine and legitimate reason (including commercial benefit), unless this is outweighed by harm to the individual’s rights and interests.

When considering using legitimate interests, always carry out the three-stage test:

  • identify your legitimate interests
  • carry out a necessity test
  • carry out a balancing test.