Legal basis for sending emails

The General Data Protection Regularion (GDPR), which came into effect in May 2018 gives users the option to opt-out of email communications. However, there may be situations where certain types of emails can bypass these restrictions because the communication is considered to be in the legitimate interest of the data controller. To qualify as legitimate interest it must be considered communication which the user would reasonably expect and have a minimal impact on their privacy.

Important: This article is not legal advice, nor an exhaustive guide to GDPR compliance. If data protection regulations are applicable to your program you should familiarise yourself with the regulations and seek legal advice where necessary, particularly if your program is collecting personal data.

The GDPR gives an example of legitimate interest as the processing of data to prevent fraud, ensuring network and information security, direct marketing, and disclosing possible criminal acts to the authorities.

An example of legitimate interest in Award Force could be an email sent to shortlisted entrants or winners to let them know the status of their application. It may also be an email sent to judges to let them know judging is ready to begin. 

To determine whether the communication falls under legitimate interest you need to consider three questions?

  1. Purpose: is it a legitimate interest?
  2. Necessity: is it necessary to achieve the purpose or is there a less intrusive way of getting the same result?
  3. Balancing: do the user's interests override the legitimate interest and would they reasonably expect their data to be used in this way.

Sending broadcasts and notifications as legitimate interests

To send a broadcast or notification using legitimate interests and therefore bypass the user's preferences you can select from a drop-down menu on new broadcast and notification pages. Choose Legitimate interest of the data controller to bypass the user's preferences.

Screenshot_2020-08-10_at_12.15.09.png

Freely given consent by user will take send the message according to the user's preferences for broadcasts and notifications.

Note: The notification triggers for User registered and Role granted do not have the legitimate interests option because these messages always bypass user preferences since a user cannot register unless they receive the confirmation message.

 

 

Need more help? Get in touch!

We're here to help if you need it. Simply get in touch with our Client Success team through one of the methods available at the base of the page.