The Information Commissioner’s Office has published new guidance on the issue of legitimate interest under the General Data Protection Regulation.
The GDPR, which comes into force on 25 May, introduces stricter controls on the use of personal data, including the consents required to contact people for fundraising purposes, for example.
The new guidance, published by the ICO today, considers subjects such as when legitimate interests are appropriate and includes a fundraising example.
Legitimate interest is one of six lawful grounds for processing personal data and covers areas for which an individual has not given specific consent, which could include direct mail or email marketing.
The guidance sets out a three-stage test that organisations can apply to help them decide whether a particular action is lawful, which covers the purpose of the activity, whether it is necessary and how this is balanced against an individual’s rights.
Daniel Fluskey, head of research and external affairs at the Institute of Fundraising, said the guidance had been eagerly awaited.
"What’s clear is that legitimate interests isn’t a given – charities have to determine their purpose, show it’s necessary and balance against the individual’s rights," he said.
"Get this right and, as long as charities tell people about the processing and document their decision-making appropriately, legitimate interest will be fair and lawful. We hope that alongside our guidance resources, fundraisers now have the resources and advice they need to move forward with confidence."