IN THIS CHAPTER

Recognizing when a Legitimate Interests Assessment Form is necessary

Completing a Legitimate Interests Assessment Form

Knowing what to expect if you don’t comply

As I discuss in Chapter 3, one of the six lawful grounds for processing personal data is where the processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party. However, to be lawful, these interests must not be overridden by the interests or fundamental data protection rights and freedoms of the data subject, in particular when the data subject is a child.

If you intend to rely upon legitimate interests as your lawful grounds for processing, it is a good idea to document a Legitimate Interests Assessment (LIA), a three-step test to determine whether you do, in fact, have a legitimate interest to conduct the processing, the necessity of the processing in order to achieve your legitimate interest, and whether data subjects’ rights and freedoms outweigh your interest. In this chapter, I explain when to use an LIA form and what to consider when you do; I also discuss what to do with it when ...