The GDPR provides a “legitimate interest” exception for the use of personal data. This exception allows companies to use personal data without obtaining consent from the data subject. Although this exception has gained traction lately, the idea of an organization’s legitimate interest in processing personal data is not a new one. The exception first appeared in Article 7 of Directive 95/46/EC, which the GDPR replaced. The exception is cited in Article 6 (f) which states:
The GDPR and the fact that it gives data subjects the right to be forgotten has become a hurdle for marketers. To make things a little more interesting, it is not an absolute right and there are circumstances where a request to be forgotten can be denied—it’s called legitimate interest.
As the GDPR transforms from a distant vision to a fast-approaching reality, it is easy to get swamped in preparation and neglect some of the details of the GDPR. There is so much that the GDPR is that we find it necessary to point out what it is not.
Consent is a crucial part of complying with the GDPR. Don’t press your luck by not addressing it. In fact, the GDPR will change not only the way companies obtain consent, but also the way they manage it.
Listen, we get it. With only a few months left until it’s enforceable, you’re probably drowning in GDPR prep work. If this is your first foray into data privacy, you might also be struggling with wondering why any of it really matters. Why is the General Data Protection Regulation such a big deal? And why is it so burdensome, exhaustive, and at times, vague?
The European Union adopted the General Data Protection Regulation (GDPR) in April 2016 and allowed a two-year period for companies to become compliant with the new, more stringent rules and regulations. May 25, 2018 is the big date to remember–it’s the day the GDPR becomes enforceable. There is no grace period after this date. In fact, there’s a big countdown clock on the GDPR website, and as of the publishing of this blog, there are just over 100 days left to become compliant.
Welcome to part three of our GDPR Basics blog series. We previously covered who must comply with the GDPR, and what you need to know about acquiring and tracking consent, and now we’re diving into the “where.” Oh where, oh where have the simpler times gone! The days when the internet was a party trick and privacy was something you gained when you’d close your blinds. While I can’t answer those questions, I can answer a few other “where” related questions.