Processing of personal data may be based on legitimate interests of the controller or a third party. Most common practical examples of legitimate interests are the protection of persons and property, direct marketing, fraud prevention, effective management of processes and employees, etc. However, every controller must carefully assess the circumstances of the data processing and conform to certain requirements, including justification (necessity) of the planned processing activity, and striking a balance between data subjects’ expectations and their rights and freedoms.
The course is delivered as a practical, role-playing workshop where participants will assess the legitimate interests of controllers or third parties through a three stages: the purpose test, the necessity test and the balance test. The assessment is based on real-world scenarios that are applicable in most organization. Participants take on different roles and represent either the interests of the controller, or the interests of the data subjects.
In addition to the actual experience, participants will also receive a ready-to-use methodology template for conducting a legitimate interest assessment.
This course is intended for everyone who would otherwise be participating in the legitimate interest assessment within their own company or place of work – data protection officers, business process managers (marketing, HR, sales, corporate security, etc.), as well as everyone else who wants to develop in the field of personal data protection and privacy.
In this course, the participants will learn:
- identify legitimate interests as an appropriate legal basis,
- define the assessment methodology applicable to the organization,
- lead and participate in legitimate interest assessments,
- assess the necessity of the processing,
- weight out the interests of the controller in relation to the right and expectations of the data subjects
- document the assessment,
- manage data subjects’ requests and complaints.