Legal basis for sending emails

The General Data Protection Regulation (GDPR), which came into effect in May 2018, gives users the option to opt-out of email communications. However, there may be situations where certain types of emails can bypass these restrictions because the communication is considered to be in the legitimate interest of the data controller. To qualify as legitimate interest it must be considered communication which the user would reasonably expect and have a minimal impact on their privacy.

Important: this article is not legal advice, nor an exhaustive guide to GDPR compliance. If data protection regulations are applicable to your program you should familiarise yourself with the regulations and seek legal advice where necessary, particularly if your program is collecting personal data.

The GDPR gives an example of legitimate interest as the processing of data to prevent fraud, ensuring network and information security, direct marketing, and disclosing possible criminal acts to the authorities.

An example of legitimate interest in Award Force could be an email sent to shortlisted entrants or winners to let them know the status of their application. It may also be an email sent to judges to let them know judging is ready to begin. 

To determine whether the communication falls under legitimate interest you need to consider three questions?

  • Purpose: is it a legitimate interest?
  • Necessity: is it necessary to achieve the purpose or is there a less intrusive way of getting the same result?
  • Balancing: do the user's interests override the legitimate interest and would they reasonably expect their data to be used in this way.

Sending broadcasts and notifications as legitimate interests

To send a broadcast or notification using legitimate interests and therefore bypass the user's preferences you can select from a drop-down menu on new broadcast and notification pages. Choose Legitimate interest of the data controller to bypass the user's preferences.

Legal basis for sending email drop-down.png

Freely given consent by user will send the message according to the user's preferences for broadcasts and notifications.

Note: the notification triggers for User registered and Role granted do not have the legitimate interests option because these messages always bypass user preferences since a user cannot register unless they receive the confirmation message.
Was this article helpful?
3 out of 3 found this helpful

Articles in this section