A legal basis under the GDPR that allows processing of personal data when an organization's interests are not overridden by the rights of the individual.
Legitimate interest is one of the six lawful bases for processing in the GDPR. Relying on it requires a balancing test: the organization documents its purpose, checks the processing is necessary, and weighs it against the individual's rights and reasonable expectations.
It offers flexibility for activities such as fraud prevention or network security, but it is not a catch-all. The assessment, often called a legitimate interests assessment (LIA), must be recorded.
Related frameworks