15th May 2018


 Issue No.  2018/06




Given the flurry of emails we are no doubt all getting that seek ‘opt-in’ consent to receive future emails, we thought a reminder of the various legal authorisations under which personal data can be processed would be useful.

Personal data can be lawfully processed for the following reasons: 

1. For the Performance of the Contract

This includes commercial contracts and contracts of employment.  It also relates to steps you might take prior to entering a contract – such as when a candidate sends you a CV or application form as part of their desire to be part of a recruitment process. 

2. For compliance with a legal obligation

For example, employers must provide employee information to HMRC. 

3. In order to protect vital interests of the data subject or other natural person

For example, disclosing name, address, next of kin details and any medical questionnaire completed by an employee to a paramedic in circumstances where an employee is taken ill at work, and an ambulance is called. 

4. For the performance of a task carried out in the public interest in the exercise of official authority

This covers public functions and powers that are set out in law or to perform a specific task in the public interest that is set out in law. It is most relevant to public authorities but can apply to any organisation that exercises official authority or carries out tasks in the public interest. 

5. For the performance of a legitimate interest

Most commercial organisations will have a marketing plan which will include measures and actions designed to ‘get their name out there’ and thus better enable it to gain sales or win new business.  In the professional and technical services sector, where services are provided Business to Business, this may well be the appropriate reason for processing data such as names and e-mail addresses.  It would be interesting to see what argument could be advanced that says that such marketing initiatives are not a ‘Legitimate Interest’.  To rely on this however, will need some thought and analysis.  Carrying out a data audit and a Legitimate Interest Assessment will help you decide if this applies to your processing where it relates to e-mail circulations.  A free template for this is available on the ICO website at:

6. With the consent of the Data Subject

This is the ‘catch-all’ authorisation and probably the easy option.  If the first 5 don’t work for you then getting specific, informed and explicit consent will.  Hence the e-mails we are all receiving.  It will be a matter of time before we know just what percentage of those asked for new consent actually go down the ‘YES’ route or just can’t be bothered. 

Sentient’s commitments to Safe Personal Data Processing 

  1. The data we hold, relates to our clients, our employees and recipients of our e-mail updates. It is only processed for the performance of our contract or because we have a legitimate interest.
  2. We have carried out a Data Audit and a Legitimate Interest Impact Assessment to help us make appropriate decisions on personal data processing.
  3. We keep personal data secure.
  4. We will never sell-on personal data, or indeed give it away.
  5. Our employees have had training in GDPR and know their responsibilities concerning personal data processing.
  6. Our portable electronic equipment (e.g. laptops, memory sticks) have been encrypted.
  7. All our e-mail updates give the recipient an absolute right to opt-out of receiving further e-mails. This is done automatically.

Without doubt, our management approach to processing personal data will continue to evolve.  The final legislation of course is still not out and is still going through the legislative process as we write this…………make of that what you will!





Employment Law
Health & Safety
Personnel / HR
Food Safety
Food Hygiene
Management Training







Making sense of it all


Sentient - Training


Sentient adj ...

"capable of perception"

"capable of independent thought"


Can we help you?
If you think so, please contact us at advice@sentientuk.co.uk or call UK 03456 446006

To subscribe for these E-mails click here or to access our archive of previous E-mail Updates please click here.  

Click here for details of the services available on our website. 

Our new online training courses are now available to view here

Our current Open Course Training Programme is available to view here

Follow us on Twitter @SentientUk

The advice and comment in this update is not meant to be an authoritative statement of law. The articles and summaries should not be applied to any specific set of facts and circumstances without seeking further advice. Whilst every care is taken to ensure that the content is correct Sentient cannot accept responsibility for the accuracy of statements made nor the result of any actions taken by individuals after reading such.

To unsubscribe to this information newsletter please click here and complete the unsubscribe form on our site.
Warning do not click this link unless you wish to be removed from this update newsletter.