Legitimate Interests Assessment (LIA) 

  1. Introduction:
  • Purpose of the LIA: To assess and document the legitimate interest basis for processing personal data for cold contacting potential clients about AI training services.
  • Overview of processing activity: Cold contacting individuals within companies via email and phone calls to inform them about AI training opportunities.
  1. Purpose Test:
  • Identify Legitimate Interest: The legitimate interest is to provide information and promote AI training services to companies, enabling them to upskill their employees in AI technologies. This is crucial for maintaining competitiveness and efficiency in the rapidly evolving AI landscape.
  • Define Purpose: The specific purpose of processing is to inform companies about the availability and benefits of AI training services that they may not be aware of, helping them integrate AI into their operations effectively thus maintaining their competitive advantage.
  1. Necessity Test:
  • Assess Necessity: Directly contacting relevant individuals within companies is necessary because there is no comprehensive public register of companies needing AI training. LinkedIn and other online tools provide the most relevant contact information.
  • Consider Alternatives: Other methods, such as general advertising or indirect communication, are less effective in reaching the specific decision-makers within companies who can benefit from the training services.
  1. Balancing Test:

       Impact on Data Subjects:

  • Nature of Data: The data processed includes professional contact details (email addresses and job titles) obtained from publicly accessible sources such as LinkedIn, company websites, and other online tools.
  • Expectations: Individuals in professional roles may reasonably expect to be contacted about business opportunities relevant to their roles.
  • Intrusiveness: The contact is limited to a few emails and potentially a phone call, minimizing intrusiveness.

       Safeguards:

  • Data Minimization: Only the necessary contact information is collected and used.
  • Transparency: Initial contact includes information about the purpose of the contact, with a link to the privacy policy.
  • Opt-out Mechanism: Recipients are given a clear option to opt-out of future communications.

       Data Subjects’ Rights: The legitimate interest is not overridden by the data subjects’ rights because:

  • The professional nature of the contact aligns with the data subjects’ roles and expectations.
  • The minimal intrusiveness of the contact, combined with the ability to easily opt-out, ensures that their privacy and rights are respected.
  • The transparency about data processing purposes supports informed decision-making by the data subjects.
  1. Documentation and Transparency:
  • Document Findings:
  • Legitimate interest: Promoting AI training services to maintain and improve companies’ competitiveness and adaptation to the rapidly changing economic environment.
  • Necessity: Direct contact is the most effective method.
  • Safeguards: Data minimization, transparency, and opt-out mechanism.
  • Inform Data Subjects:
  • Initial Contact Email: Includes information about the purpose of the contact and a link to the privacy policy.
  • Privacy Policy: Detailed information about data processing activities is provided on the company’s website.
  1. Review Schedule:

After conducting the Legitimate Interests Assessment, it is concluded that the legitimate interest in promoting AI training services justifies the processing of professional contact details. The necessity of direct contact for reaching relevant decision-makers and the implementation of appropriate safeguards ensures that the data subjects’ rights and freedoms are not overridden. Therefore, the processing activities are compliant with GDPR requirements under the legitimate interests basis.

7. Review Schedule:

Regular Reviews: The LIA will be reviewed annually or whenever there is a significant change in the data processing activities to ensure continued compliance with GDPR