GDPR Legitimate Interests Assessment (LIA)

/, Uncategorized/GDPR Legitimate Interests Assessment (LIA)

GDPR Legitimate Interests Assessment (LIA)

The GDPR

[1] applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.  The concept of legitimate interests[2] as a lawful basis for processing is essentially the same as the equivalent Schedule 2 condition in the 1998 Act, with some changes in detail.

This can be broken down into a three-part test:

  1. Purpose test: are you pursuing a legitimate interest?
    1. Yes, the individual’s details are required so the Friends of Wimbledon Park can inform the member on matters relating to Heritage Wimbledon Park. The details consist of name, postal and email addresses, phone number and date of application.
  2. Necessity test: is the processing necessary for that purpose?
    1. Without this information communication wouldn’t be facilitated.
  3. Balancing test: do the individual’s interests override the legitimate interest?
    1. No the individual has joined to be a recipient of this information.

All members’ personal details supplied to FOWP will be held securely and only accessed by those appointed to administer the database.  It will only be used solely for communication with them concerning their membership, governance, events and only matters concerning FOWP. It will not be shared with any other organisation except where there is a statutory obligation to do so. Members may write to the Membership Secretary at any time to request to see his or her details held or request the removal of his or her details from the database

[1] General data Protection Regulations (GDPR)

[2] Article 6(1)(f) gives you a lawful basis for processing where:

“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

2019-05-02T12:52:59+01:00May 23rd, 2018|