Your business is probably processing many types of candidate, client or employee data on the basis of legitimate interests. Remember, this is lawful only if you can demonstrate your fair justification for relying on legitimate interest – have you documented how you evaluated this objectively?
The ICO describes “legitimate interests is the most flexible lawful basis for processing”, however, they are clear that companies must have robust tests to demonstrate that the balance of any risks to the individuals do not outweigh those interests.
- Check your GDPR records include a valid legitimate interest assessment (LIA) for each type of data you process on the basis of legitimate interest.
- If you start to process any new types of data, make sure you identify and document your lawful basis first. E.g. where gathering new types of candidate data or starting to use data for a different purpose.
- Helpline subscribers can find a Legitimate interest assessment (LIA) template and a completed example on our client portal.
- Contact our helpline for help considering your lawful basis options for handling personal data for particular purposes.