If you are using Legitimate Interest as your legal basis for processing personal data, the Information Commissioners Office (ICO) have stipulated you must carry out a Legitimate Interest Assessment (LIA). An LIA is a three-part test. You need to:
1. Identify a legitimate interest
2. Show that the processing is necessary to achieve it
3. Balance it against the individual’s interests, rights and freedoms
You should keep a record of your Legitimate Interests Assessment (LIA) to help you demonstrate compliance if required.
See an example LIA template provided by the Data Protection Network (DPN) here:
Guidance from ICO: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/