The ICO exists to empower you through information.

About this detailed guidance

These pages sit alongside our brief guidance and provide more detailed guidance for UK organisations on legitimate interests under the GDPR.

This guidance will help you to decide when to rely on legitimate interests as your basis for processing personal data and when to look at alternatives. It explains when using legitimate interests as a lawful basis is appropriate, what it means, and how to decide whether it applies to your particular processing operation.

The concept of ‘legitimate interests’ also appears in connection with international transfers (Article 49). However this guidance focuses on legitimate interests in its role as a lawful basis in Article 6.

For an introduction to the key themes and provisions of the UK GDPR, you should refer back to the guide. You can navigate back to the guide at any time using the link at the top of this page. Links to other relevant guidance and sources of further information are also provided throughout.

When downloading this guidance, the corresponding content from the brief guidance will also be included so you will have all the relevant information on this topic.

Contents

What is the ‘legitimate interests’ basis?

When can we rely on legitimate interests?

How do we apply legitimate interests in practice?

What else do we need to consider?