Legitimate Interests Assessment

This Legitimate Interests Assessment is designed to help SMEs assess whether legitimate interests is an appropriate lawful basis for processing personal data under Article 6 of the UK GDPR.

Legitimate interests is one of the lawful bases available for processing personal data. Whether it is suitable will depend on the purpose of the processing and your relationship with the individuals concerned.

Built around the three-part test

The template follows the three-part test derived from Article 6(1)(f):

• whether there is a legitimate interest behind the processing;
• whether the processing is necessary for that purpose; and
• whether that interest is overridden by the individual’s interests, rights, or freedoms.

It is split into three main sections, with sub-questions to help you work through each part of the assessment.

Links to DPIA screening where needed

In some cases, the outcome of the assessment may indicate higher risks to individuals. Where that happens, this template prompts you to complete the Data Protection Impact Assessment Screening Checklist to help determine whether a DPIA is required.

Helps you record and review your decision

Once completed, the assessment should help you decide whether legitimate interests is a suitable lawful basis for the proposed processing. If it is, that decision should be kept under review, and information about your lawful basis should be included in the privacy information made available to individuals.

For guidance on applying this lawful basis, see the Legitimate Interests Guidance Notes.

Legitimate Interests Assessment is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.