GDPR: Legitimate Interest vs. Consent

Subscriber Content
Screenshot of the first page of GDPR Legitimate Interest vs. Consent
By
Jeff Sanchez, Protiviti Managing Director, and Diana Candela, Protiviti Associate Director

One of the key provisions of the European Union’s new General Data Protection Regulation (GDPR) is that the processing of personal data of a data subject requires a legal basis to process that data. While organizations initially turned to consent first as their legal basis, more organizations are now considering the circumstances under which they might be able to assert ‘‘legitimate interest’’ in lieu of consent. The choice of whether to go with consent or legitimate interests is process-specific and should not be made lightly.

This article explores the legal concepts of consent and interest in the context of GDPR and offers advice on how organizations should approach deciding between them.


Topics
Compliance
Laws & Regulations
Privacy
Identity and Access Management
IT Security
Document Retention

Related Resources

Articles

California Adopted a GDPR-like Privacy Law: What Does It Mean for You?

Audit Reports

Data Privacy Maturity Audit Report

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It