Professional Documents
Culture Documents
LIA template
20180319
v1.0 1
Part 2: Necessity test
You need to assess whether the processing is necessary for the purpose you have
identified.
LIA template
20180319
v1.0 2
Part 3: Balancing test
You need to consider the impact on individuals’ interests and rights and freedoms
and assess whether this overrides your legitimate interests.
First, use the DPIA screening checklist. If you hit any of the triggers on that
checklist you need to conduct a DPIA instead to assess risks in more detail.
Reasonable expectations
Do you have an existing relationship with the individual?
What’s the nature of the relationship and how have you used data in the past?
Did you collect the data directly from the individual? What did you tell them at
the time?
If you obtained the data from a third party, what did they tell the individuals
about reuse by third parties for other purposes and does this cover you?
How long ago did you collect the data? Are there any changes in technology or
context since then that would affect expectations?
Is your intended purpose and method widely understood?
Are you intending to do anything new or innovative?
Do you have any evidence about expectations – eg from market research,
focus groups or other forms of consultation?
Are there any other factors in the particular circumstances that mean they
would or would not expect the processing?
LIA template
20180319
v1.0 3
As previously said, in certain circumstances, we already have a connection with
the person (because they are our client). Clients may see our Privacy Notice and
Data Protection Policy on the chambers website in certain circumstances.
When the data comes from other parties, such as information on other people
provided by my clients, those third parties may be aware (for example, those
supplying witness statements or character references for legal procedures), but
they may not be.
The data will be used just as long as it is relevant to the case, but it will be kept
beyond that to comply with legal requirements to which we are subject. It will be
safely disposed of once it is no longer necessary.
The goal of giving legal counsel is well acknowledged. We are not doing anything
novel or creative. we have no information concerning public expectations, save
that the public would expect legal advisers to keep personal data safe and to
always follow the law.
Likely impact
What are the possible impacts of the processing on people?
Will individuals lose any control over the use of their personal data?
What is the likelihood and severity of any potential impact?
Are some people likely to object to the processing or find it intrusive?
Would you be happy to explain the processing to individuals?
Can you adopt any safeguards to minimise the impact?
Our procedure is part of a larger criminal or civil legal process, thus the effect is
likely to be limited. Individuals will lose control over their data if we handle it
without their permission. However, the probability and severity of my
processing's effect are restricted; the impact (if any) will be decided by the
outcome of the lawsuit as determined by the courts or as negotiated between the
parties.
Some people may object to the processes because they disagree with those we
represent, but we would be pleased to explain the process and defend it if
necessary. To reduce the effect of my processing, we can implement all of the
precautions advised by the ICO and professional authorities.
LIA completed by
Date
What’s next?
Keep a record of this LIA, and keep it under review.
Do a DPIA if necessary.
Include details of your purposes and lawful basis for processing in your privacy
information, including an outline of your legitimate interests.
LIA template
20180319
v1.0 5