Data Protection Impact Assessments

Where data processing is high risk, rely on our data protection specialists to conduct a thorough impact assessment to keep your business compliant.

If you are processing data that is likely to result in a high risk to individuals you need to perform a data protection impact assessment (DPIA). We also recommend doing a DPIA ahead of any big project that involves processing personal data in any way.

Effective impact assessments to reduce data processing risks

DPIAs are all about assessing risk. In particular you need to ask: could the way you process data cause harm – either to individuals or to society as a whole? We can guide you through the DPIA process. In particular if you identify a high risk of harm that requires notifying the Information Commissioner (the ICO) our data protection solicitors can liaise with the regulator on your behalf. Our data protection impact assessments cover:

  • GDPR training to ensure relevant staff understand the importance of DPIAs and when one might be necessary.
  • Provision of data protection impact assessment guidelines.
  • Providing advice where necessary on whether a DPIA is required, usually where processing is likely to result in a high riskto individuals. This might be where you intend to carry out systematic monitoring or profiling or you are considering the processing of children’s data.
  • Documenting the risk to individuals following consultation with your data protection officer and other staff.
  • Compiling the DPIA, describing the nature and context of your processing and ensuring full GDPR compliance.
  • Considering modifications to your processing methods to mitigate identified risks.
  • Reporting your intended processing project to the ICO if a high level of risk is identified.
  • Responding to any decision by the ICO that prevents you from processing the data.

What our clients say

We pride ourselves on delivering an excellent service for clients, but don’t just take our word for it.

Data protection impact assessment checklist – the essential

Remember that an impact assessment is a compliance tool designed to identify and reduce the risks involved in a particular project you intend to carry out. A properly considered and completed DPIA demonstrates that you have taken the necessary steps to avoid harming individuals through your data processing. You should:

  • Provide a description of the processing – what is it for?
  • Ask relevant staff about their processing activities: can they suggest what risks might arise?
  • Obtain advice from your data protection officer.
  • Confirm that the processing is necessary and proportionate.
  • Set out how you intend to comply with GDPR principles.
  • Assess the likelihood of harm to individuals.
  • Identify ways to remove or reduce risk.
  • Keep a record of all decisions that informed the DPIA.
  • Ensure that precautionary measures identified in the DPIA are implemented before processing occurs.

Benefits of data protection impact assessments under the GDPR

DPIAs encourage employees to think about the implications of their data processing activities, and in particular the risk of harm to individuals their work may cause.

You don’t have to publish a completed impact assessment. However releasing the documentation – for example on your website – is a clear signal that you take data security seriously and will increase consumer trust.

The data protection impact assessment procedure is designed to reduce the risk of harm to individuals. But a properly considered DPIA can also provide your business with compliance and financial benefits by reducing the risk of serious data breaches and regulatory sanctions.

Who we help: Businesses carrying out high volume data processing

A data protection impact assessment form is only required when your data processing is likely to result in a high risk to the rights and freedoms of individuals. And it is only if you can’t mitigate the risks that you need to consult with the ICO prior to carrying out the processing. At Harper James Solicitors, we have the expertise to identify risk and advise on mitigation. We are familiar with how the regulator approaches high risk processing and can liaise with officials there when your DPIA identifies a high level of risk that can’t be reduced.

Why choose Harper James Solicitors?

If you are embarking on large scale data processing and you are concerned about the risk to individuals get in touch with us. We offer general advice on the occasions when a DPIA is essential as well as on those instances where one may be desirable. We can also assist with the DPIA itself, advising you on the steps you need to take, who you need to involve and the issues you need to raise to ensure your DPIA is effective. We have a specialist team of solicitors, regularly engaged in training and advising commercial clients and their staff on all aspects of GDPR compliance.

As a fully integrated commercial law firm we can also provide you with support across a range of services to help your business go from strength to strength. With a deep understanding of the inner workings of growing businesses, we can provide you with all the legal support you will need to thrive.

Find out more about the team here:

Pricing plans

Our three transparent pricing packages are designed to give you the widest possible access to high-quality legal advice, whatever the size and nature of your business:


Straightforward access to senior solicitors at a competitive rate.

An affordable solution for businesses needing one-off legal support. Receive ‘City’ partner-level expertise at a fraction of ‘City’ prices.


Have legal peace of mind for £189 per month with additional support from £125 per hour.

A monthly subscription legal support package specifically designed for start-ups and smaller businesses.


Providing you with priority access to a dedicated panel of highly experienced solicitors.

Fully account managed quarterly subscription service for businesses with more complex legal needs.

What next?

Please leave us your details and we’ll contact you to discuss your situation and legal requirements. There’s no charge for your initial consultation, and no obligation to instruct us. We aim to respond to all messages received within 24 hours.

  • Your data will only be used by Harper James Solicitors. We will never sell your data and promise to keep it secure. You can find further information in our privacy policy.

  • This field is for validation purposes and should be left unchanged.

A national law firm

We mainly work remotely, so we can work with you wherever you are. But we can arrange face-to-face meeting at our offices or a location of your choosing.

Our commercial lawyers are based in or close to major cities across the UK, providing expert legal advice to clients both locally and nationally.

Floor 5, Cavendish House, 39-41 Waterloo Street, Birmingham, B2 5PP
Stirling House, Cambridge Innovation Park, Denny End Road, Waterbeach, Cambridge, CB25 9QE
10 Fitzroy Square, London, W1T 5HP
13th Floor, Piccadilly Plaza, Manchester, M1 4BT
Harwell Innovation Centre, 173 Curie Avenue, Harwell, Oxfordshire, OX11 0QG
2-5 Velocity Tower, 1 St Mary’s Square, Sheffield, S1 4LP