Webinar recording:⚖️Legitimate interest in practice

by Sypher | Published in Resources - September 09, 2025


This is the recording of a one-hour webinar on the practical use of legitimate interest as a lawful basis. Our guest speaker was Daniel Vinerean, Managing Associate at D&B David si Baias and Senior Manager @ PwC - Data Protection Practice.

Main discussion topics

  • 00:46 What role does legitimate interest play in the GDPR framework? 
  • 01:53 Are there differences between EU GDPR and UK GDPR regarding legitimate interest? 
  • 03:44 Are there exemptions from the balancing test in the EU? 
  • 04:41 What is the status of the EDPB guidelines on legitimate interest? 
  • 05:50 What are the key points and controversies in the EDPB guidelines? 
  • 10:41 How authoritative are EDPB guidelines in practice? 
  • 12:36 What are the most common situations where organisations rely on legitimate interest? 
  • 17:04 Can employees object to processing based on legitimate interest? 
  • 19:10 If someone unsubscribes, but later downloads another resource, can we reply again on legitimate interest to communicate with them? 
  • 20:17 What are best practices for transparency when using legitimate interest? 
  • 22:08 What common mistakes should be avoided in legitimate interest assessments? 
  • 24:27 Who should perform the balancing test to ensure objectivity? 
  • 26:42 What do regulators expect to see in a balancing test? 
  • 30:00 How do you get the opinion of data subjects when performing a balancing test and should you? 
  • 33:27 Have there been situations where legitimate interest could not be applied as expected? 

Questions from the audience: 

  • 36:23 Can insurance expiry notifications be based on legitimate interest? 
  • 38:04 How far can legitimate interest go in monitoring employees? 
  • 39:33 Does withdrawing marketing consent also mean opting out of communications under legitimate interest? 
  • 41:30 Should companies provide a copy of the legitimate interest assessment if consent opt-in is challenged? 
  • 43:31 Can legitimate interest be invoked for using personal data in AI model training and data analysis? 
  • 45:56 Is the ICO’s LIA template sufficient, or should it be supplemented? 
  • 47:26 Could the EU adopt the UK’s “recognised legitimate interest”? 
  • 49:11 Can legitimate interest in data protection be applied in other areas of law (e.g., sharing confidential information)? 
  • 50:47 Is a LIA required for a contract with a supplier who provides additional information about the claims process or for the purposes of Know Your Customer process? 
  • 53:24 Should companies periodically reconfirm interest when relying on legitimate interest for communications? 
  • 56:01 Can employers use personal phone numbers and emails for work communication? 

Please fill out the form below to get instant access to this content.

Read our privacy notice