{"id":2904,"date":"2021-01-29T18:53:23","date_gmt":"2021-01-29T17:53:23","guid":{"rendered":"https:\/\/staging.techgdpr.com\/?p=2904"},"modified":"2024-12-10T14:56:39","modified_gmt":"2024-12-10T13:56:39","slug":"legitimate-interest-gdpr","status":"publish","type":"post","link":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/","title":{"rendered":"How to use legitimate interest under the GDPR?"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\"><strong>How does the GDPR define legitimate interest? Does the legitimate interest legal base cover company interests only or can it also include third parties\u2019 interests?<\/strong><\/h3>\n\n\n\n<p>There is no precise definition under <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A32016R0679\" target=\"_blank\" rel=\"noreferrer noopener\">the GDPR<\/a> of what constitutes a legitimate interest, and this is precisely what leaves room for a controller to argue that certain business activities, for instance sending direct <a href=\"https:\/\/techgdpr.com\/blog\/tag\/marketing\/\">marketing<\/a> messages to a group of people, are based on the controller\u2019s legitimate interest.&nbsp;<\/p>\n\n\n\n<p>Ultimately, all companies have different interests in processing personal data for different purposes. But are all these interests <em>legitimate<\/em>?&nbsp;<\/p>\n\n\n\n<p>The GDPR offers a few sections from which certain characteristics can be extracted, reducing its scope and outlining this lawful basis.&nbsp;<\/p>\n\n\n\n<p>On the one hand, the GDPR explicitly says that personal data can be processed for the controller&#8217;s legitimate purposes or third party purposes (Article 6.1.f). In other words, a company can have the intention of processing personal data for their own interest but if third parties need to receive personal data, this also constitutes a legitimate interest.&nbsp;<\/p>\n\n\n\n<p>Additionally, commercial interests are also part of the list. 
For example, if a company has a commercial interest in storing the personal data of website visitors, this is possible in principle.&nbsp;<\/p>\n\n\n\n<p>Nevertheless, the processing of such personal data must be necessary. This means that it can\u2019t be up to the controller\u2019s discretion to process this data and it must be the only way to achieve those purposes. Thus, if it\u2019s possible to do it in another way, then it\u2019s not advisable to rely on this legal basis.&nbsp;<\/p>\n\n\n\n<p>Taking the previous example, the company should determine that they do need to store website visitor data in order to better understand the customers and\/or to know what the customer\u2019s interest in using the company\u2019s services is, so that it will be possible to improve the services and search for adequate external suppliers if needed.&nbsp;<\/p>\n\n\n\n<p>But not everything ends here.<\/p>\n\n\n\n<p>If such interest affects individuals\u2019 fundamental rights and freedoms, it won\u2019t be possible to carry out the processing, even if it is necessary.&nbsp;<\/p>\n\n\n\n<p>Hence, if a company states in its privacy policy that it will collect website visitors\u2019 data for improving the service, but those individuals then start receiving weekly newsletters with products they are not interested in, this is not possible under the GDPR.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image is-style-rounded\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo2-1024x683.jpg\" alt=\"\" class=\"wp-image-2907\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo2-1024x683.jpg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo2-300x200.jpg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo2-768x512.jpg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo2-1536x1024.jpg 1536w, 
https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo2-2048x1365.jpg 2048w, https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo2-1920x1280.jpg 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Purpose, Necessity and the Balancing Test: relying on legitimate interests as a lawful basis.\u00a0<\/strong><\/h3>\n\n\n\n<p>As previously shown, three elements need to be considered whenever a company selects legitimate interest as their legal basis.<\/p>\n\n\n\n<p>First, consider whether the activity at hand pursues a legitimate interest and none other. For instance, if a company stores employee bank account data for payment purposes, this is inextricably linked to the employment contract. The legal basis of this processing activity is therefore to allow the company to perform a contract, which means no legitimate interest is involved here.&nbsp;<\/p>\n\n\n\n<p>Secondly, the processing has to be necessary to achieve this legitimate interest.&nbsp;<\/p>\n\n\n\n<p>Finally, such interest must be balanced against individuals\u2019 interests, rights, and freedoms. Moreover, if individuals &#8211; particularly children &#8211; are affected by that processing or would not likely expect that processing to happen, companies should avoid processing their personal data or find another lawful basis. An important factor that could trigger this last step is what the privacy notice discloses to individuals. 
If companies include clear information about the processing, individuals are more likely to expect that processing.<br>We encourage companies to keep a record of the legitimate interests assessment (LIA) to demonstrate compliance if required.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image is-style-rounded\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/pexels-pixabay-416322-1024x683.jpg\" alt=\"\" class=\"wp-image-2923\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/pexels-pixabay-416322-1024x683.jpg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/pexels-pixabay-416322-300x200.jpg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/pexels-pixabay-416322-768x512.jpg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/pexels-pixabay-416322-1536x1024.jpg 1536w, https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/pexels-pixabay-416322-2048x1365.jpg 2048w, https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/pexels-pixabay-416322-1920x1280.jpg 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Use-cases: can companies rely on legitimate interest for direct marketing or web analytics?<\/strong><\/h3>\n\n\n\n<p>There is no clear-cut yes-or-no answer to these questions.&nbsp;<\/p>\n\n\n\n<p>Apart from the mandatory 3-step approach, it is important to keep in mind that the relationship with the individuals plays a very important role in determining whether this legal basis can be used. Should the company have a previous client relationship, the individual could expect the processing of personal data. 
In other cases, the applicability of the legitimate interest will be determined on a case-by-case basis through a full Legitimate Interest Assessment (LIA).&nbsp;<\/p>\n\n\n\n<p>Ultimately, the information companies provide to the individuals is key for preventing possible claims. The privacy notice is the best place to provide it, as it at the very least allows individuals to exercise the right for their data not to be subject to further processing.<\/p>\n\n\n\n<p>In short, in this article, we discovered that if an appropriate assessment is carried out before processing any personal data based on legitimate interest, this legal base is in effect broader in scope than other legal grounds. The legitimate-interest legal base can be flexible, but it requires both a documented internal assessment of the three stages within the company and external communication to those individuals involved.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How does the GDPR define legitimate interest? Does the legitimate interest legal base cover company interests only or can it also include third parties interests? 
There is no precise definition under the GDPR of what constitutes a legitimate interest and this precisely opens the room for a controller to argue that certain business activities, for [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":2906,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[11,60],"tags":[],"class_list":["post-2904","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-subjects","category-regulation"],"acf":[],"featured_image_urls":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-scaled.jpg",2560,1695,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-150x150.jpg",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-300x199.jpg",300,199,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-768x509.jpg",640,424,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-1024x678.jpg",640,424,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-1536x1017.jpg",1536,1017,true],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-2048x1356.jpg",2048,1356,true],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-scaled.jpg",200,132,false]},"post_excerpt_stackable":"<p>How does the GDPR define legitimate interest? Does the legitimate interest legal base cover company interests only or can it also include third parties interests? 
There is no precise definition under the GDPR of what constitutes a legitimate interest and this precisely opens the room for a controller to argue that certain business activities, for instance, sending direct marketing messages to a group of people are based on controller\u2019s legitimate interest.&nbsp; Ultimately, all companies have different interests in processing personal data for different purposes. But are all these interests legitimate?&nbsp; The GDPR offers a few sections where certain characteristics can&hellip;<\/p>\n","category_list":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-subjects\/\" rel=\"category tag\">Data Subjects<\/a>, <a href=\"https:\/\/techgdpr.com\/blog\/category\/regulation\/\" rel=\"category tag\">Regulation<\/a>","author_info":{"name":"Esthefania Vargas","url":"https:\/\/techgdpr.com\/blog\/author\/esthefania\/"},"comments_num":"0 comments","featured_image_urls_v2":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-scaled.jpg",2560,1695,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-150x150.jpg",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-300x199.jpg",300,199,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-768x509.jpg",640,424,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-1024x678.jpg",640,424,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-1536x1017.jpg",1536,1017,true],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-2048x1356.jpg",2048,1356,true],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-scaled.jpg",200,132,false]},"post_excerpt_stackable_v2":"<p>How does the GDPR define legitimate interest? Does the legitimate interest legal base cover company interests only or can it also include third parties interests? 
There is no precise definition under the GDPR of what constitutes a legitimate interest and this precisely opens the room for a controller to argue that certain business activities, for instance, sending direct marketing messages to a group of people are based on controller\u2019s legitimate interest.&nbsp; Ultimately, all companies have different interests in processing personal data for different purposes. But are all these interests legitimate?&nbsp; The GDPR offers a few sections where certain characteristics can&hellip;<\/p>\n","category_list_v2":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-subjects\/\" rel=\"category tag\">Data Subjects<\/a>, <a href=\"https:\/\/techgdpr.com\/blog\/category\/regulation\/\" rel=\"category tag\">Regulation<\/a>","author_info_v2":{"name":"Esthefania Vargas","url":"https:\/\/techgdpr.com\/blog\/author\/esthefania\/"},"comments_num_v2":"0 comments","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to use legitimate interest under the GDPR? - TechGDPR<\/title>\n<meta name=\"description\" content=\"We explored the possibilities of using legitimate interest as a legal base under the GDPR in this article, and shared our findings.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to use legitimate interest under the GDPR? 
- TechGDPR\" \/>\n<meta property=\"og:description\" content=\"We explored the possibilities of using legitimate interest as a legal base under the GDPR in this article, and shared our findings.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/\" \/>\n<meta property=\"og:site_name\" content=\"TechGDPR\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-29T17:53:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-10T13:56:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1695\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Esthefania Vargas\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:site\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Esthefania Vargas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/\"},\"author\":{\"name\":\"Esthefania Vargas\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/bc75cdcfd564b99faeea49144ba6cdb3\"},\"headline\":\"How to use legitimate interest under the GDPR?\",\"datePublished\":\"2021-01-29T17:53:23+00:00\",\"dateModified\":\"2024-12-10T13:56:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/\"},\"wordCount\":823,\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/photo1-scaled.jpg\",\"articleSection\":[\"Data Subjects\",\"Regulation\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/\",\"name\":\"How to use legitimate interest under the GDPR? 
- TechGDPR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/photo1-scaled.jpg\",\"datePublished\":\"2021-01-29T17:53:23+00:00\",\"dateModified\":\"2024-12-10T13:56:39+00:00\",\"description\":\"We explored the possibilities of using legitimate interest as a legal base under the GDPR in this article, and shared our findings.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/#primaryimage\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/photo1-scaled.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/photo1-scaled.jpg\",\"width\":2560,\"height\":1695},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/legitimate-interest-gdpr\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/techgdpr.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to use legitimate interest under the 
GDPR?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"name\":\"TechGDPR\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/techgdpr.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\",\"name\":\"TechGDPR\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"contentUrl\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"width\":501,\"height\":334,\"caption\":\"TechGDPR\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/techgdpr\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/techgdpr\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/bc75cdcfd564b99faeea49144ba6cdb3\",\"name\":\"Esthefania Vargas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/profile-768x793-1-e1619771343449-150x150.jpg\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/profile-768x793-1-e1619771343449-150x150.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/profile-768x793-1-e1619771343449-150x150.jpg\",\"caption\":\"Esthefania Vargas\"},\"description\":\"Esthefania Vargas (CIPP\\\/e) is 
a Colombian Attorney graduated from Externado de Colombia University with a Master's degree (LLM) in International Dispute Resolution at Humboldt Universit\u00e4t, Berlin. She has worked at private and public companies as well as law firms focusing on contract law, insurances, blockchain, General Data Protection Regulation (GDPR) and legal technology. She joins TechGDPR as a junior consultant.\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/author\\\/esthefania\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to use legitimate interest under the GDPR? - TechGDPR","description":"We explored the possibilities of using legitimate interest as a legal base under the GDPR in this article, and shared our findings.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/","og_locale":"en_US","og_type":"article","og_title":"How to use legitimate interest under the GDPR? - TechGDPR","og_description":"We explored the possibilities of using legitimate interest as a legal base under the GDPR in this article, and shared our findings.","og_url":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/","og_site_name":"TechGDPR","article_published_time":"2021-01-29T17:53:23+00:00","article_modified_time":"2024-12-10T13:56:39+00:00","og_image":[{"width":2560,"height":1695,"url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-scaled.jpg","type":"image\/jpeg"}],"author":"Esthefania Vargas","twitter_card":"summary_large_image","twitter_creator":"@techgdpr","twitter_site":"@techgdpr","twitter_misc":{"Written by":"Esthefania Vargas","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/#article","isPartOf":{"@id":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/"},"author":{"name":"Esthefania Vargas","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/bc75cdcfd564b99faeea49144ba6cdb3"},"headline":"How to use legitimate interest under the GDPR?","datePublished":"2021-01-29T17:53:23+00:00","dateModified":"2024-12-10T13:56:39+00:00","mainEntityOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/"},"wordCount":823,"publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-scaled.jpg","articleSection":["Data Subjects","Regulation"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/","url":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/","name":"How to use legitimate interest under the GDPR? 
- TechGDPR","isPartOf":{"@id":"https:\/\/techgdpr.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/#primaryimage"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-scaled.jpg","datePublished":"2021-01-29T17:53:23+00:00","dateModified":"2024-12-10T13:56:39+00:00","description":"We explored the possibilities of using legitimate interest as a legal base under the GDPR in this article, and shared our findings.","breadcrumb":{"@id":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/#primaryimage","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-scaled.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/01\/photo1-scaled.jpg","width":2560,"height":1695},{"@type":"BreadcrumbList","@id":"https:\/\/techgdpr.com\/blog\/legitimate-interest-gdpr\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/techgdpr.com\/"},{"@type":"ListItem","position":2,"name":"How to use legitimate interest under the 
GDPR?"}]},{"@type":"WebSite","@id":"https:\/\/techgdpr.com\/#website","url":"https:\/\/techgdpr.com\/","name":"TechGDPR","description":"","publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/techgdpr.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/techgdpr.com\/#organization","name":"TechGDPR","url":"https:\/\/techgdpr.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/","url":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","contentUrl":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","width":501,"height":334,"caption":"TechGDPR"},"image":{"@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/techgdpr","https:\/\/www.linkedin.com\/company\/techgdpr"]},{"@type":"Person","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/bc75cdcfd564b99faeea49144ba6cdb3","name":"Esthefania Vargas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/04\/profile-768x793-1-e1619771343449-150x150.jpg","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/04\/profile-768x793-1-e1619771343449-150x150.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/04\/profile-768x793-1-e1619771343449-150x150.jpg","caption":"Esthefania Vargas"},"description":"Esthefania Vargas (CIPP\/e) is a Colombian Attorney graduated from Externado de Colombia University with a Master's degree (LLM) in International Dispute Resolution at Humboldt Universit\u00e4t, Berlin. 
She has worked at private and public companies as well as law firms focusing on contract law, insurances, blockchain, General Data Protection Regulation (GDPR) and legal technology. She joins TechGDPR as a junior consultant.","url":"https:\/\/techgdpr.com\/blog\/author\/esthefania\/"}]}},"_links":{"self":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/2904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/comments?post=2904"}],"version-history":[{"count":16,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/2904\/revisions"}],"predecessor-version":[{"id":9872,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/2904\/revisions\/9872"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media\/2906"}],"wp:attachment":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media?parent=2904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/categories?post=2904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/tags?post=2904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}