GDPR - legitimate interests assessment 

GDPR - legitimate interests assessment 

This legitimate interests assessment (LIA) template is designed to help Libertatem to decide whether or not the legitimate interests basis is likely to apply to our processing. As a result of this assessment, Libertatem has decided it has a Legitimate Interest with its members. 
 
Part One: Purpose Test 
You will need to assess whether there is a legitimate interest behind the processing. 
 
Why do you want to process the data? 
To carry out its role as a not-for-profit trade association, representing its members and lobbying for the sector, LIBERTATEM needs to: 
manage members’ subscriptions including joining, maintenance, renewal and leaving processes 
provide member services by sending out a periodical magazine, admitting members to a private and personalised section of the LIBERTATEM website 
record conversations with members when we provide information, advice or guidance over the phone for training, quality or monitoring purposes 
understand the needs and interests of members from data capture of relevant information 
improve services by conducting member surveys and analysis 
monitor and evaluate the usage of services to improve member experience 
communicate with members about LIBERTATEM activities and offers, mainly via email but also by post and over the phone 
provide education and record continuous professional development of members 
advertise to prospective new members and lapsed existing members by tracking click-throughs from paid for advertising 
identify usage trends and determining the effectiveness of promotional campaigns and advertising with website and email analytics services (e.g. using Google Analytics) to understand browser behaviour 
provide special offers, discounts or other communications in partnership with contracted third-parties e.g. to provide member mailing lists to a fulfilment company or to allow validation of membership using name and membership number. 
 
What benefit do you expect to get from the processing? 
If the LIBERTATEM were unable to carry out this processing then it would be unable to provide preferential, beneficial or bespoke services to its member body and would be unable to improve standards. It would also suffer by not being able to represent its members and campaign effectively for fair regulation. 
 
Do any third parties benefit from the processing? 
LIBERTATEM’s contracted third-parties offering additional beneficial member services benefit from the selected access to LIBERTATEM membership. 
 
Are there any wider public benefits to the processing? 
Without its membership funding its activities, it could not fulfill its objectives of: 
promoting a sustainable independent financial services industry 
lobbying in the interests of impartial advisers and their clients by providing a voice and a face that is heard and seen by politicians, the media and the public both nationally and locally 
facilitating the growth of a sustainable independent financial services industry that works for everyone, through recognition of the sector as a legitimate business environment 
endorsing professionalism and improving standards by promoting accreditation and training 
 
How important are the benefits that you have identified? 
Over 11,000 independent financial advice firms exist in the UK which represents over 75% of funds under management. The benefits of a properly regulated and managed sector therefore accrue to a substantial part of the economy. As the sector’s largest trade association with its members and their clients’ interests at its heart, LIBERTATEM has an important role to play in the future of the provision of impartial financial advice in the UK. 
 
What would the impact be if you couldn’t go ahead with the processing? 
LIBERTATEM would be unable to accrue funds to deliver its objectives or communicate its activities with its members. 
 
Are you complying with any specific data protection rules that apply to your processing (eg profiling requirements, or e-privacy legislation)? 
Yes. LIBERTATEM only uses profile information that the member provides to improve the relevancy of its communication to the member. It also uses a basic cookie to track a member’s activity on its website. 
 
Are you complying with any specific data protection rules that apply to your processing (e.g. profiling requirements, or e-privacy legislation)? 
Yes. LIBERTATEM only uses profile information that the member provides to improve the relevancy of its communication to the member. It also uses a basic cookie to track a member’s activity on its website. 
 
Are you complying with industry guidelines or codes of practice? 
Yes. 
 
Are there any other ethical issues with the processing? 
No. 
 
Part Two: Necessity Test 
You need to assess whether the processing is necessary for the purpose you have identified. 
 
Will this processing actually help you achieve your purpose? 
This processing is necessary to fulfil LIBERTATEM’s purpose. 
 
Is the processing proportionate to that purpose? 
LIBERTATEM believes the processing to be proportionate and will validate this with a sample of its members. 
 
Can you achieve the same purpose without the processing? 
It would not be possible to manage the subscription of a large member base or communicate effectively with this group in any other way. 
 
Can you achieve the same purpose by processing less data, or by processing the data in another more obvious or less intrusive way? 
LIBERTATEM has reviewed the amount of data it processes with the aim of understanding if the volume of data processed can be reduced. This has led to the introduction of some process changes and subsequent reductions in processing, no further improvements have been identified. 
 
Part Three: Balancing Test 
You need to consider the impact on individuals’ interests and rights and freedoms and assess whether this overrides your legitimate interests. 
First, use the DPIA screening checklist. If you hit any of the triggers on that checklist you need to conduct a DPIA instead to assess risks in more detail. 
 
Nature of the personal data 
 
Is it special category data or criminal offence data? 
No. 
 
Is it data which people are likely to consider particularly ‘private’? 
No. 
 
Are you processing children’s data or data relating to other vulnerable people? 
No. 
 
Is the data about people in their personal or professional capacity? 
The data held is about members in their professional capacity and relates solely to this activity. 
 
Reasonable expectations 
 
Do you have an existing relationship with the individual? 
LIBERTATEM currently has a substantial membership of individuals and businesses, many of whom have been members for over 2 years and so LIBERTATEM has developed a role as a trusted partner for advisers who needs information, advice and guidance in delivering their responsibilities to their clients. 
 
What’s the nature of the relationship and how have you used data in the past? 
All members are required to renew the membership on or before the anniversary of their membership lapsing, this requires LIBERTATEM to contact the member by email and post (and occasionally telephone) to remind them of the benefits of remaining a member. Most members use some of the products or member services provided by LIBERTATEM and some of these have basic customisation applied to them based on the member’s data provided. 
 
Did you collect the data directly from the individual? What did you tell them at the time? 
All data is collected directly from the individual, except for the collection of indirect information of registering when a member logs on to the website. Members are informed of how LIBERTATEM processes their data in the terms and conditions of use of the website, the privacy policy and in welcome communications each member receives. 
 
If you obtained the data from a third party, what did they tell the individuals about reuse by third parties for other purposes and does this cover you? 
No third party data is used or stored for an individual. 
 
How long ago did you collect the data? Are there any changes in technology or context since then that would affect expectations? 
All member data stored and processed by LIBERTATEM has been refreshed at the membership renewal anniversary (usually annually) with no changes in technology or context over the last 6 years. 
 
Is your intended purpose and method widely understood? 
LIBERTATEM sets out its mission, vision and objectives clearly on its website and publishes this information regularly to its members. 
 
Are you intending to do anything new or innovative? 
LIBERTATEM does intend to improve its online dialogue with non-members visiting its website so it can ensure it is presenting the information required and taking the opportunity to ensure the benefits of membership are properly understood. 
 
Do you have any evidence about expectations – eg from market research, focus groups or other forms of consultation? 
LIBERTATEM conducts significant annual member research and uses this to improve its understanding of the market as well as its services, offers and promotions. It also receives regular communication and feedback from members as part of its regional meeting schedule. 
 
Are there any other factors in the particular circumstances that mean they would or would not expect the processing? 
No. 
 
Likely impact 
 
What are the possible impacts of the processing on people? 
The only potential negative impact of the processing that we can envisage is if we fail to take notice of a request to end a membership and continue to bill the member. In this circumstance we would offer a full refund from the point that the cancellation request could be evidenced as submitted, subject to any contractual term. There is an additional risk that if we do not manage or protect our member data appropriately, there could be a data breach. In these circumstances there is little that could be gained from third-party knowledge of this data as we store only the minimum data required to sustain a membership relationship. 
 
Will individuals lose any control over the use of their personal data? 
No, LIBERTATEM does not sell or provide any member data to any third-parties other than those it contracts to provide products or services for its members. 
 
What is the likelihood and severity of any potential impact? 
In the event of a data breach, then it would be possible for the personal data we store on our members to be misused which could include their name, address, contact information and bank details. 
 
Are some people likely to object to the processing or find it intrusive? 
As members are required to positively choose to take up and renew their membership and they are required to pay a subscription, LIBERTATEM believes that it is highly unlikely that any member would then object to the processing of their data as LIBERTATEM would be unable to provide the services that the member subscribed to. LIBERTATEM does offer the ability for members to opt out of receiving relevant direct marketing if they find it unnecessary or intrusive. 
 
Would you be happy to explain the processing to individuals? 
The LIBERTATEM is happy to explain to any members how, where and why it processes their data. 
 
Can you adopt any safeguards to minimise the impact? 
LIBERTATEM takes the data security of its members very seriously and regularly reviews the handling and storage of personal information. 
 
Can you offer individuals an opt-out? 
Yes. 
 
Making the decision 
 
Use your answers to Parts 1, 2 and 3 to decide whether or not you can apply the legitimate interests basis. 
 
 
What’s next? 
 
Keep a record of this LIA, and keep it under review. Do a DPIA if necessary. Include details of your purposes and lawful basis for processing in your privacy information, including an outline of your legitimate interests.  
 
© Copyright Libertatem Limited | All Rights Reserved | Privacy Policy and Disclaimer 
In association with Powerplay Communications  
Designed and created by it'seeze
Our site uses cookies. For more information, see our cookie policy. ACCEPT COOKIES MANAGE SETTINGS