Good afternoon, Could I have your thoughts on –
Lets say for this purpose our Business Continuity Director wants access to Director level/above personal address/email address and contact number so that they can be contacted outside of work should they need to be. For example where there is an emergency situation that needs dealing with. Our Privacy notice currently states –
In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties provided your interests and fundamental rights do not override those interests. Some of the above grounds for processing will overlap and there may be several grounds which justify use of your personal information.
The individual has access to some Director level/above personal address/email address and contact number where they are a direct report but is requesting access to the individuals who are not a direct report (they are their direct reports report)
Can a lawful basis other than consent be used? Can we rely on legitimate interest as a lawful basis for providing access? I was considering vital interest but this would be accessible regardless of whether there was an emergency or not.