Q I have a new compliance officer who is taking a much stricter approach to the GDPR than we previously thought was necessary, such as saying we shouldn’t be storing potential customers’ work emails without explicitly asking for their permission. Who is right?
A Many businesses wonder how they can make the best use of personal data while staying on the right side of the line. In the real world you need to balance commercial opportunity with compliance.
The starting point for using anyone’s personal data is that you must have a lawful basis. In a commercial context the most useful lawful basis is known as a legitimate interest.
That may sound like a simple concept but it can be tricky in practice.
The ICO
