How to conduct a legitimate interest assessment (LIA)

Published by a ÀÏ˾»úÎçÒ¹¸£Àû Risk & Compliance expert
Practice notes

How to conduct a legitimate interest assessment (LIA)

Published by a ÀÏ˾»úÎçÒ¹¸£Àû Risk & Compliance expert

Practice notes
imgtext

The UK General data protection Regulation (UK GDPR) permits processing of personal data where that processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

There is clearly a balancing exercise to be done: your legitimate interests versus the fundamental rights and freedoms of the data subject—see Precedent: Legitimate interest assessment—data processing.

The outcome of the assessment largely determines whether legitimate interests may be relied on as a lawful ground for processing personal data. For more guidance on legitimate interest as a lawful ground for processing, see Practice Note: Processing personal data—legitimate interests.

This Practice Note provides guidance on how to conduct a legitimate interest assessment under the UK GDPR. It is based on the UK GDPR, together with:

  1. •

    detailed guidance from the Information Commissioner’s Office (ICO) on legitimate interests

Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Key definition:
Data protection definition
What does Data protection mean?

In an employment context, this refers to the obligation on an employer to protect the data of its employees and ensure that it complies with the law on how it uses the employees' data.

Popular documents