Legitimate Interest Documentation
Overview
According to the GDPR and other data protection laws, a controller may rely on legitimate interests as a legal basis for processing personal data. However, this basis can be delicate, as it is not always clear when an interest is truly legitimate. Therefore, it is necessary to conduct a thorough assessment to ensure the legal basis remains valid.
A legitimate interest exists when the controller or a third party pursues a legitimate objective that is supported by the processing of data. However, this interest must be balanced against the fundamental rights and freedoms of the data subjects.
Examples:
- Monitoring company property through video surveillance (legitimate interest: protection against theft).
- Data processing for direct marketing purposes (e.g., remarketing campaigns).
- Sharing data within a corporate group for internal administration.
The controller must document the balancing test to demonstrate why the processing is lawful in the event of an audit by the supervisory authority. This documentation is evidence of compliance and transparency and protects the company from legal risks.
Under Document, find all Legitimate Interest Documentation on the Overview page, categorized into All, Active, Draft, Inactive, and Review.
- If you have already created documentation, click an entry to edit it.
- If you wish to document a new legitimate interest as a legal basis for processing, click Create.
Creating new Legitimate Interest Documentation
As with every element, you can create the documentation manually or download a shared one from the organization. This guide focuses on manual creation. To learn more about downloading elements, read the corresponding guide.
Click Create and select Create Legitimate Interest.
General
When creating a new Legitimate Interest Documentation, you will first be asked to fill out some general information:
- Select the responsible person and set the status.
- Choose the organizational unit.
- Select the various affected persons. Create new tags by typing directly into the field and selecting them if needed.
- Name the legitimate interest.
- Provide a brief description.
- Click Next to proceed.
Necessity
On the Necessity tab, you will be asked a series of questions relating to your interest to assess whether it is, in fact, legitimate. Answer them with due diligence. The better your reasoning, the more likely you can legitimize your interest. Also, try to highlight both sides to form a comprehensive picture. Incorporate all conceivable factors and objectively argue why your processing is necessary.
- The first question concerns the suitability of the processing for the intended goal. You must set out how the processing is suitable to achieve that goal.
- The second question is a follow-up to the first one. It asks how the goal may also be achieved without the processing, which directly addresses the necessity and suitability of the processing activity.
- The third question requires more argumentation and evaluation of the purpose and the processing. The purpose must justify the processing and thus stand in a reasonable proportion to the processing. It is not proportionate if the processing is excessive and goes beyond the initial purpose.
- Lastly, you will be asked if there are less intrusive means of processing to achieve that purpose. If that is true, the processing is again not proportionate, as the least intrusive remedy needs to be used. Try to argue why less intrusive means of processing cannot achieve the described purpose.
If you are unsure, talk to your legal advisor, as such an evaluative appraisal may be challenging.
Click Next in the top-right corner to continue.
Balancing of Interests
Lastly, you need to balance your interests against those of the affected data subjects. Relying on legitimate interest as a legal basis for processing personal data requires that your interest outweighs the rights and freedoms of the affected data subjects. This is a delicate process that must be done carefully and with due diligence.
- Determine which affected persons require special protection.
- Indicate whether the data processing occurs in a personal or professional capacity.
- You will then be presented with a series of questions designed to help balance interests. If you need assistance answering some of the questions, seek legal advice.
Click the Save button to finish the creation of a new Legitimate Interest Documentation.
Managing Legitimate Interest Documentation
Click on a documentation to manage it.
General
You will find all the information about that Legitimate Interest Documentation on the managing page.
As with most elements, you may write notes by clicking the Notes button on the right or manage its Access and Sharing by clicking the three horizontal dots in the top right corner.
Click on the blue menu icon at the top left to expand or minimize the menu.
Necessity
You can view the information provided during the creation process. Click Edit to adjust the details.
Balancing of Interests
The personal data and special categories originate from the linked ROPAs. Additionally, you can view the previously answered questions about the balancing of interests. Click Edit to modify the information.
Tasks
You will find the tasks linked to your Legitimate Interest Documentation on the Tasks tab. If you wish to link a task, choose one from the library with the Add button or create a new task by clicking the Create button. Follow the steps in the Tasks guide to learn more.
Assessments
The Assessments tab lists all assessments linked to the Legitimate Interest Documentation. If you wish to link additional assessments, click the Add button and choose the ones you'd like to link. Otherwise, you may create new ones by clicking the Create button. Follow the guide on Assessments to learn more.