Legitimate Interest Assessment.
According to the GDPR, legitimate interest is one of six lawful bases you can use to process personal data. When personal data is processed on the basis of legitimate interest, you should perform a legitimate interest assessment, also known as a LIA. This is a kind of risk assessment that determines whether legitimate interest is a proper lawful basis for that processing activity.
Legitimate interest differs from the other bases because it does not have a particular purpose and it is not based on consent. It is an easy go-to basis when the others do not fit. To avoid misuse or fines, a LIA is recommended to help affirm that legitimate interest is a proper basis.
When a LIA is conducted, you demonstrate that you have done your research in confirming the legitimacy of your processing. It proves that you are compliant and it helps you to align with the accountability principle.
What are the challenges?
Within RESPONSUM, you can perform a guided LIA, which results in a score that gives you insight into the balance between the interest of the organization and the negative impact on the data subjects.
When you create your ROPA in RESPONSUM, every processing activity that is based on legitimate interest will automatically generate a balancing test.
In executing this test, you first identify the legitimate interest: does your purpose fall under legitimate interest? Second, you define the scope. Then you get a questionnaire in which you balance the interests against the rights of the data subject. You end up with a score between 0 and 100. The lower the score, the lower the negative impact on the data subjects, which defines whether you can use this legal basis for that processing. You can still manually input your final decision with a justification.