The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Legitimate interest assessment (LIA)

If your organisation’s lawful basis is legitimate interests, you have completed an appropriate LIA prior to starting the processing.

Ways to meet our expectations:

  • The LIA identifies the legitimate interest, the benefits of the processing and whether it is necessary.
  • The LIA includes a 'balancing test' to show how your organisation determines that its legitimate interests override the individuals’ and considers the following issues:
    • Not using people's data in intrusive ways or in ways which could cause harm, unless there is a very good reason.
    • Protecting the interests of vulnerable groups such as people with learning disabilities or children.
    • Whether you could introduce safeguards to reduce any potentially negative impact.
    • Whether you can offer an opt-out.
    • Whether you require a DPIA.
  • You clearly document the decision and the assessment.
  • You complete the LIA prior to the start of the processing.
  • You keep the LIA under review and refresh it if changes affect the outcome.

Can you answer yes to the following questions?

  • Do staff say that the LIAs are clear and comprehensive?
  • Is the review process effective?