Q&As

The General Data Protection Regulation, Regulation (EU) 2016/679 states that legitimate interest can be used for direct marketing as a lawful purpose provided we comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426. Can you clarify the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426 requirements? Also, can you rely on legitimate interest for sharing data? Or can you share data on the basis the customer has not ticked an 'opt-out' box?

read titleRead full title
Copyright © 2025 LexisNexis
Published by a LexisNexis Information Law expert
Published on: 05 March 2018
imgtext

Legitimate interest

The Data protection Act 1998 (DPA 1998) defines Direct marketing as the communication (by whatever means) of advertising or marketing material directed to particular individuals. This definition is replicated in the draft Data Protection Bill. The Information Commissioner’s Office (ICO) has further refined the concept of direct marketing in its direct marketing guidance as including the promotion of aims and ideals as well as the sale of products and services. This means the direct marketing rules are not restricted to commercial organisations—they also cover not-for-profit organisations, eg charities and political parties.

Many direct marketing activities involve processing personal data. To process personal

Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Related legal acts:
Key definition:
Data protection definition
What does Data protection mean?

In an employment context, this refers to the obligation on an employer to protect the data of its employees and ensure that it complies with the law on how it uses the employees' data.

Read more

Popular documents

Profiling and automated decision-making

Profiling and automated decision-makingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January 2024,

List of data protection clauses and agreements for commercial transactions and personal data processing

List of data protection clauses and agreements for commercial transactions and personal data processing and sharingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European

The UK General Data Protection Regulation (UK GDPR)

The UK General Data Protection Regulation (UK GDPR)STOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1

Micklefield clauses

Micklefield clausesWhat is a Micklefield clause?It is common for employee share plans to provide that, on termination of employment (or when an employee is given or receives notice of termination of employment), subsisting share awards will be forfeited and subsisting share options will lapse.It is