The advice goes on to recommend that comprehensive checklists are deployed and their example is set out below. You will need to ensure that the thinking and processing behind each separate limb of the checklist is properly considered and documented so that it forms a viable audit trail to the conclusions you reach in justifying LI as a basis for processing. Remember that different criteria apply if you are processing special category data.
The conundrum that has been taxing the collective thinking of the profession over the past few months might now prove more easily soluble than it appeared to be the case until now. However, firms must always bear in mind the fundamental principles of processing; that processors should ensure that they gather only as much data as is absolutely necessary for the legitimate purpose and that it should not be kept for any longer than is absolutely necessary.
It also needs to be demonstrated that no other more suitable grounds for processing could be identified. It is vital that the exercise balancing a subjects’ interests with firm’s interests described in the advice is carried out, and documented, punctiliously. Lastly it will of course be prudent to seek new subjects’ consent to process at the outset of the relationship.