In my recent posts on the subject of the forthcoming new data protection law (GDPR) I explained the rationale behind using ‘legitimate interests’ as the basis for PRs processing journalist data.
Legitimate interests makes a lot of sense for the way PRs process journalists’ data as it ensures organisations take care of personal information without requiring onerous ‘opt ins’ which would not be workable in a fast-paced industry that by its nature depends on daily communication.
Subsequent further guidance from the Information Commissioner’s Office (ICO) on legitimate interests cements the case for using this basis of processing in the context of media relations. But before anyone chooses to use legitimate interests you must have considered a three-part test as suggested by the ICO.
One way to ensure you have considered these tests is to conduct what the ICO call a ‘legitimate interests assessment’ or LIA for each process. It is not a legal requirement to complete an LIA but it is good practice. If you were ever to be audited by the ICO having completed one would help demonstrate you take GDPR seriously.
Completing an LIA is not an onerous task but if you are unfamiliar with the detail of GDPR then it could be hard going. Bigger PR agencies and in-house PR departments are more likely to have the resources to deal with GDPR compliance. But for smaller agencies the whole thing can be a little daunting.
So as a helping hand I have completed a sample LIA for a small PR agency. This is a starting point for doing your own LIA and helps to illustrate how legitimate interests fits the bill nicely for media relations.