If your organisation’s lawful basis is legitimate interests, you have completed an appropriate LIA prior to starting the processing.
Ways to meet our expectations:
- The LIA identifies the legitimate interest, the benefits of the processing and whether it is necessary.
- The LIA includes a 'balancing test' to show how your organisation determines that its legitimate interests override the individuals’ and considers the following issues:
- Not using people's data in intrusive ways or in ways which could cause harm, unless there is a very good reason.
- Protecting the interests of vulnerable groups such as people with learning disabilities or children.
- Whether you could introduce safeguards to reduce any potentially negative impact.
- Whether you can offer an opt-out.
- Whether you require a DPIA.
- You clearly document the decision and the assessment.
- You complete the LIA prior to the start of the processing.
- You keep the LIA under review and refresh it if changes affect the outcome.
Can you answer yes to the following questions?
- Do staff say that the LIAs are clear and comprehensive?
- Is the review process effective?