Are you GDPR compliant? Take our test!


Are you compliant with the GDPR, the data protection regulation that came into effect from May 2018 across the EU?

To find out, determine the personal data your setting holds and the purposes for collecting and processing it — then complete our quick quiz below.

Choose your answers, then hit 'submit' (bottom right hand corner) to find out your score:

*About Legitimate Interest

Legitimate interest is one of 6 lawful bases on which you may hold and/or process personal data, and is the most flexible of the 6 (another lawful basis you may use is Consent). It is not focused on a particular purpose and therefore gives you more scope to potentially rely on it in many different circumstances.

It may be the most appropriate basis for you to use when:

  • the data processing is not required by law but is of a clear benefit to you or others;
  • there’s a limited privacy impact on the individual;
  • the individual should reasonably expect you to use their data in that way; and
  • you cannot, or do not want to, give the individual full upfront control (ie consent) or bother them with disruptive consent requests when they are unlikely to object to the processing. For example, where you have a contractual requirement with a local authority to track a child's development under a specific programme.

The legitimate interests basis is likely to be most useful where there is either a minimal impact on the individual, or else when there is a compelling justification for the processing. 

Futher information on legitimate interest can be found on the ICO website

Where next? 

Alliance members should visit our GDPR resources for members page

You can also find out more about GDPR on the Information Comissioner's Office website