Legitimate Interest is one of the six lawful bases under GDPR Article 6(1)(f). It allows organizations to process personal data when they have a legitimate business need, provided this is balanced against the rights and interests of data subjects.
When using legitimate interest as a lawful basis, organizations must conduct a Legitimate Interest Assessment (LIA) to determine whether the processing is necessary, fair, and whether data subjects' rights are proportionately protected. This is a commonly used basis for marketing, fraud prevention, and business operations.