Awdurdod annibynnol y Deyrnas Unedig a sefydlwyd i gynnal hawliau gwybodaeth er budd y cyhoedd, annog cyrff cyhoeddus i fod yn agored a hybu preifatrwydd data i unigolion.

Legitimate interest assessment (LIA)

If your organisation’s lawful basis is legitimate interests, you have completed an appropriate LIA prior to starting the processing.

Ways to meet our expectations:

  • The LIA identifies the legitimate interest, the benefits of the processing and whether it is necessary.
  • The LIA includes a 'balancing test' to show how your organisation determines that its legitimate interests override the individuals’ and considers the following issues:
    • Not using people's data in intrusive ways or in ways which could cause harm, unless there is a very good reason.
    • Protecting the interests of vulnerable groups such as people with learning disabilities or children.
    • Whether you could introduce safeguards to reduce any potentially negative impact.
    • Whether you can offer an opt-out.
    • Whether you require a DPIA.
  • You clearly document the decision and the assessment.
  • You complete the LIA prior to the start of the processing.
  • You keep the LIA under review and refresh it if changes affect the outcome.

Can you answer yes to the following questions?

  • Do staff say that the LIAs are clear and comprehensive?
  • Is the review process effective?