Effective impact assessments to reduce data processing risks
DPIAs are all about assessing risk. In particular you need to ask: could the way you process data cause harm – either to individuals or to society as a whole? We can guide you through the DPIA process. In particular if you identify a high risk of harm that requires notifying the Information Commissioner (the ICO) our data protection solicitors can liaise with the regulator on your behalf. Our data protection impact assessments cover:
- GDPR training to ensure relevant staff understand the importance of DPIAs and when one might be necessary.
- Provision of data protection impact assessment guidelines.
- Providing advice where necessary on whether a DPIA is required, usually where processing is likely to result in a high riskto individuals. This might be where you intend to carry out systematic monitoring or profiling or you are considering the processing of children’s data.
- Documenting the risk to individuals following consultation with your data protection officer and other staff.
- Compiling the DPIA, describing the nature and context of your processing and ensuring full GDPR compliance.
- Considering modifications to your processing methods to mitigate identified risks.
- Reporting your intended processing project to the ICO if a high level of risk is identified.
- Responding to any decision by the ICO that prevents you from processing the data.
What our clients say
We pride ourselves on delivering an excellent service for clients, but don’t just take our word for it.
What attracted me to Harper James was the pricing model they have in place. It means we get access to top legal professionals at prices we can afford. In our most recent funding round, the support we received was vital.
I can’t sing our solicitor’s praises enough: fast, efficient, sensible and supportive. A quick and fair resolution to all queries that we have worked on together and would thoroughly recommend her to any of my contacts.
As a young company, getting the right advice regarding staff, contracts, policies and procedures can be crucial. Harper James delivers this for us with professional, expert lawyers across all our desired areas, who are always able to provide all the support we need and more. This has enabled us to concentrate more on growing and developing our business.
Choosing Harper James was one of the best choices we made as a start-up. The firm has provided invaluable advice and insight throughout the early stages of our business.
Our solicitor at Harper James, Sarah, was really effective with the time over the phone and used the time to provide us with direct advice – no faff and her advice really helped us to do the next steps. She followed up quickly and delivered the document really quickly too, it is fantastic to have lawyers that are reliable and are responsive too. I am very happy with our experience with Harper James!
For us, the support of Harper James Solicitors has been a gift. The collaboration we have had has been of tremendous importance. The service has been superb value for money.
Quite frankly I was stunned at the low cost of the service given the value it provided us.
It's very cost efficient and fast. I have enjoyed talking to everyone in the company as they are not only knowledgeable but can also relate to the situations that I need assistance with. Very happy!
Knowing you have that level of legal support enables any new business to be able to move forward with more confidence. With Harper James we have that – and more.
Our scale of growth would not have happened without the support of Harper James.
Harper James have become a vital part of our business. We get quality advice from experienced solicitors at prices that other firms do not appear to be able to match.
Harper James have been incredibly professional and responsive. They immediately understood the challenges we have. Not only those of any small business, but those relating to building a piece of complex tech, and they have been able to help us navigate that from a legal perspective.
9/10 Great communication and speed
Harper James solicitors don’t speak in the legalese which I have heard too many times from other solicitors and which is totally unhelpful. What I’m after is focused, considered advice about the specific situations that I face. By which I mean, do you think this is a good idea? Their response might be ‘Yes’ or ‘No’. One word is often all I’m looking for! My solicitor gives a view and I really value that.
Harper James provides my small growing business with a scalable, reliable, team-oriented approach to legal advice. Whenever we face a problem, I know that Harper James are there to provide helpful and cost-effective advice, to scope out the options, make clear the costs and risks, and give me the information I need to make decisions.
Data protection impact assessment checklist – the essential
Remember that an impact assessment is a compliance tool designed to identify and reduce the risks involved in a particular project you intend to carry out. A properly considered and completed DPIA demonstrates that you have taken the necessary steps to avoid harming individuals through your data processing. You should:
- Provide a description of the processing – what is it for?
- Ask relevant staff about their processing activities: can they suggest what risks might arise?
- Obtain advice from your data protection officer.
- Confirm that the processing is necessary and proportionate.
- Set out how you intend to comply with GDPR principles.
- Assess the likelihood of harm to individuals.
- Identify ways to remove or reduce risk.
- Keep a record of all decisions that informed the DPIA.
- Ensure that precautionary measures identified in the DPIA are implemented before processing occurs.
Benefits of data protection impact assessments under the GDPR
Increased awareness of data processing
DPIAs encourage employees to think about the implications of their data processing activities, and in particular the risk of harm to individuals their work may cause.
Builds trust and confidence in your business
You don’t have to publish a completed impact assessment. However releasing the documentation – for example on your website – is a clear signal that you take data security seriously and will increase consumer trust.
The data protection impact assessment procedure is designed to reduce the risk of harm to individuals. But a properly considered DPIA can also provide your business with compliance and financial benefits by reducing the risk of serious data breaches and regulatory sanctions.
Who we help: Businesses carrying out high volume data processing
A data protection impact assessment form is only required when your data processing is likely to result in a high risk to the rights and freedoms of individuals. And it is only if you can’t mitigate the risks that you need to consult with the ICO prior to carrying out the processing. At Harper James Solicitors, we have the expertise to identify risk and advise on mitigation. We are familiar with how the regulator approaches high risk processing and can liaise with officials there when your DPIA identifies a high level of risk that can’t be reduced.
Examples of our work
TikTok to face the music for possible children’s data breach
7 January 2021
A 12-year-old British girl is planning legal action against video-sharing giant TikTok, in a case which could have major repercussions for social media companies and …
Why choose Harper James Solicitors?
If you are embarking on large scale data processing and you are concerned about the risk to individuals get in touch with us. We offer general advice on the occasions when a DPIA is essential as well as on those instances where one may be desirable. We can also assist with the DPIA itself, advising you on the steps you need to take, who you need to involve and the issues you need to raise to ensure your DPIA is effective. We have a specialist team of solicitors, regularly engaged in training and advising commercial clients and their staff on all aspects of GDPR compliance.
As a fully integrated commercial law firm we can also provide you with support across a range of services to help your business go from strength to strength. With a deep understanding of the inner workings of growing businesses, we can provide you with all the legal support you will need to thrive.
Find out more about the team here:
As a previous partner at DLA Piper, Sarah comes with a rich pedigree in providing expert commercial services for her clients.View profile
IP & Commercial Technology Partner
Before joining us Rob worked for Santander bank as an IP/brand management lawyer and also at Shakespeare Martineau.View profile
Data protection and privacy solicitor
With a wealth of expertise in privacy, data protection, GDPR and cyber-security law, Clive’s distinguished legal career spans three decades in private practice and the public sector.View profile
Rana is a commercial solicitor specialising in commercial contracts, data protection and financial services.View profile
IT & Commercial Solicitor
With over 15 years of in-house experience in the IT sector, Rob specialises in drafting and negotiating all manner of commercial agreements.View profile
Commercial Technology & Data Protection Solicitor
David is a commercial solicitor, specialising in technology and data protection. He joins us having worked as in-house counsel for the BBC and OUP.View profile
Our three transparent pricing packages are designed to give you the widest possible access to high-quality legal advice, whatever the size and nature of your business:
Straightforward access to senior solicitors at a competitive rate.
An affordable solution for businesses needing one-off legal support. Receive ‘City’ partner-level expertise at a fraction of ‘City’ prices.
Have legal peace of mind for £189 per month with additional support from £99 per hour.
A monthly subscription legal support package specifically designed for start-ups and smaller businesses.
For businesses requiring 60+ hours of support a year, with prices equivalent to £99 per hour.
Fully account managed quarterly subscription service for businesses with more complex legal needs.