Lawful Basis for Processing an OSINT Investigation

LAWFUL BASIS FOR INSTRUCTING AXETEN

Before you instruct Axeten to process an instruction on your behalf, you are obliged to determine and document the legal basis to process the Personally Identifiable Information (PII) that might relate to any subject or associate within the scope of the instruction.

Under the GDPR, you have the right to investigate a person where the purpose is explicit and legitimate.
There is no right to instruct a, 'fishing expedition'.
When you document the legal basis, you must specify, from the outset, why you are collecting personal data and what you intend to do with it.
Your instruction to Axeten must be explicit.

The ICO provides an interactive guidance tool that shall determine the Lawful Basis.
https://ico.org.uk/for-organisations/resources-and-support/lawful-basis-interactive-guidance-tool

In most instances, the lawful basis is, 'Legitimate Interest'.

You should document the explicit justification and conduct a further 'Legitimate Interest Assessment' using the checklist at:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests

Keep a dated record of the documentation and the check-list.

When the legal basis has been completed, you are ready to instruct Axeten.

 

INSTRUCTING AXETEN

We recommend that your instruction to Axeten explicitly states the Legal Basis.

So that your instruction might commence with, 'As the data controller [your entity name] and in compliance with the Data Protection Act 2018, [OR The General Data Protection Regulation 2016/679] (DELETE AS APPROPRIATE) the legal basis for this instruction is Legitimate Interest [or other].'
Thereafter, the instruction should identify the subject(s) and what it is that you wish Axeten to research in relation to the subject.

More info on instructing Axeten

 

DISCLAIMER

Axeten is not legally accountable for the advice provided on this page. If in doubt, read the extensive guidelines provided by the ICO.
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing

Axeten is not authorised to provide legal advice and shall not be liable in law for any loss or injury suffered by any party.
In all legal matters, it is best to consult with your lawyer.