[lmkg]

Please do not use that website. It presents itself as an authoritative resource, but it is not actually an authoritative resource. Nor, frankly, even a very good one.

Actual first party resource: https://ico.org.uk/for-organisations/guide-to-pecr/guidance-...

ICO is literally the agency that issues fines for GDPR violations in the UK. They have a lot of explicit guidance about what's OK and what's not.

More detailed guidance on the "strictly necessary" exemption: https://ico.org.uk/for-organisations/guide-to-pecr/guidance-...