1 / 3

GDPR AND LEGITIMATE INTERESTS: GETTING THE BALANCE RIGHT

The General Data Protection Regulations (GDPR), which comes into force in 2018 represents the biggest change in data protection for over 20 years.<br>We provide comprehensive consultancy and guidance to UK and international entities, helping them prepare their organisation for the changes GDPR will bring.<br><br>We are happy to offer specialist legal advice on all aspects of GDPR. Call us on 0203 670 5540.<br><br>

Download Presentation

GDPR AND LEGITIMATE INTERESTS: GETTING THE BALANCE RIGHT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. GDPR AND LEGITIMATE INTERESTS: GETTING THE BALANCE RIGHT The General Data Protection Regulations (GDPR), which comes into force in 2018 represents the biggest change in data protection for over 20 years. We provide comprehensive consultancy and guidance to UK and international entities, helping them prepare their organisation for the changes GDPR will bring. WHAT DOES GDPR SAY ABOUT LEGITIMATE INTEREST DATA PROCESSING? GDPR processing will be considered lawful if: It is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which

  2. require protection of Personal Data, in particular where the data subject is a child. The obligation on data controllers in Article 6 is not hugely different from their responsibilities prior to GDPR. But significantly GDPR attaches greater weight to the protection of data belonging to children. There is also a new requirement to keep a record of the basis of legitimate interest processing so that you can be accountable for any decisions you make if necessary. WHAT IS A LEGITIMATE INTEREST ASSESSMENT? The ICO website outlines the need to carry out a Legitimate Interest Assessment (LIA) when seeking to rely on legitimate interest as a lawful ground for processing data. It involves considering the following: Does a legitimate interest exist? Examples of what may be a legitimate interest include fraud prevention, IT security, use of employee data and disclosure of personal information to prevent crime Is the processing necessary? Even if there is a legitimate interest you must demonstrate that there is no other reasonable way to get the same result Do the individual’s interests override the legitimate interest? If for example use of the data is likely to cause harm to an individual it will be difficult to justify processing under legitimate interest It?s important to consider these issues if using legitimate interests as a ground to process data. Generally speaking use of highly sensitive data or use of data in a way that people would not ordinarily expect is less likely to be justifiable under this ground. Big Data Law provides bespoke LIAs tailored to your circumstances. We keep these under regular review so that they remain fit for purpose as commercial circumstances change and the nature of data you capture fluctuates. For advice you can contact GDPR Solicitors UK. DOES IT MATTER WHICH GROUND WE USE FOR DATA PROCESSING? Carrying out risk assessments like the LIA may appear cumbersome. But the lawful ground you choose to rely on for processing information is not just an academic exercise. The rights of individuals and your own position can differ considerably depending on which processing ground you apply. For example, an individual will not automatically benefit from the so-called ?right to be

  3. forgotten? under Article 17 of GDPR when his or her data is processed on legitimate interest grounds. That?s not true when consent is used as a basis for processing. Similarly the right to data portability by an individual is limited when a controller uses legitimate interest to justify processing. INFORMING INDIVIDUALS OF LEGITIMATE INTERST PROCESSING When using the legitimate interest ground you must let individuals know: How their data is being processed That it is being processed under the legitimate interest ground What the legitimate interest is That they can object For many clients getting the message across to individuals about legitimate interests can prove problematic. We provide bespoke information templates that ensure you fully comply with the law while reassuring individuals that you have carried out an exhaustive assessment of any potential impact the processing will have on them. We are happy to offer specialist legal advice on all aspects of GDPR. Call us on 0203 670 5540.

More Related