People provide the strength of an organisation; their strength, passion and belief in what you are trying to achieve is key to your success.

With the right leadership, resources and guidance the people in your organisation can do anything: serve 200 customers at lunchtime or put a satellite in space (assuming you’re either a restaurant or a space agency).

Almost all staff will handle personal data in some form

Making sure they handle it appropriately is key.

With this in mind and knowing that all companies need to provide guidance and raise awareness of Data Protection with their staff, we have put together an eLearning course.

Twelve bitesize chunks of information will give your staff the information they need to understand their responsibilities and help you reduce the risk of a breach.

Each course is a few minutes, pitched at the Data Protection novice and allows you to monitor culture by department. They are designed to be taken on a regular basis as reminder that Data Protection is not a point in time exercise.

Having training records to demonstrate your duty of care to your staff is important. They go towards demonstrating your data protection compliance.

With our eLearning courses you can help you achieve your training goals, reduce your risks and meet your statutory requirements with the minimum of overhead.

Introduction 

Legitimate Interest – what do we need to assess? 

Legitimate interest is one of the six possible ways to justify (“legitimise”) doing anything (collecting, analysing, sharing, storing) with personal information. 

GDPR Article 6(1)(f) 

Processing shall be lawful only if…at least one of the following applies… 

(f) Processing is necessary for the purposes of the legitimate interestspursued by the controller (or by a third party) 

except where such interests are overridden by  

the interests or fundamental rights and freedoms of the data subject which require protection of personal data (in particular where the data subject is a child).  

Please note: this Assessment Tool only considers legitimate interests.  

It assumes you have already assessed whether you can, or should, be relying on legitimate interests as the basis for processing personal information. Please use Protecture’s “lawful basis decision tree” to consider which lawful basis is most suitable for the processing you are considering.  

Legitimate Interest and transparency 

You will be required to publish the outcome of this Assessment. This is because the GDPR requires us to inform people, when we collect their personal information, of  

  • the purposes we are going to use their information for,  

  • the legal basis (i.e. legitimate interests in this case) and  

  • what interests we are pursuing.  

GDPR Article 13(1) 

Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: 

(c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; 

(d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;