Data Protection Impact Assessment (DPIA)

Legally Trained Consultants

Article 35 of the UK GDPR

As an organisation, before you begin processing personal data for a particular project or function, you may be required to undertake a data protection risk assessment (DPIA) under Article 35 of the UK GDPR.

Ask anyone who has had to draft one before, a DPIA is often an extensive and daunting document, particular for those who are not data privacy professionals. That’s where we come in. Undertaking a DPIA is a routine activity for us. We undertake DPIAs on a routine basis, with trained privacy professionals assessing a project or an organisation to calculate the risk involved in processing data for a specific project.


How does our DPIA process work?

  1. We start by talking with you to better understand your organisation, the services you provide, the project itself, and any third party organisations involved in the project. We work by getting as much information as possible from you from the outset, to avoid you spending more time than you communicating unnecessarily with us throughout the review.
  2. Once we everything we need, we are off to work. We will undertake a full DPIA of the project and turn it around in a reasonable amount of time. The time of each DPIA differs depending on the complexity and scope of each project.
  3. If we discover anything new throughout our investigations which require more information, we will engage with you to get everything we need to undertake the review.
  4. Once we have completed the DPIA, we will send it across and arrange for a meeting with any relevant stakeholders with the projects to explain our findings. In the event that you have any comments or reflections, we will take on board all relevant directions and issue a second version of the DPIA which you can share both internally, and externally.

With us, you get the safety and security of trained professionals undertaking a true deep dive in a particular project to assess any associated risks, before they develop. We will undertake a full, comprehensive report of the whole project and feed back the risks you will need to be aware of, and anything which you need to action before the project goes live.

In the event that you need to consult the supervisory authority of a particular project due to a risk that cannot be mitigated, we are able to undertake that consultation for you.

Legally Trained Consultants

safety and security of trained professionals

We are here to assist:

Our Services

We provide a full data protection and information governance consultancy service to all our clients who engage with us. We provide flexible packages and services to make sure that you only pay for what you need, so you aren’t paying for unnecessary services. Whatever you and your organisation need, we are here to help.

Data Protection Advice and Consultancy

Data Protection Impact Assessment (DPIA)

External Independent Reviews


Data Protection Officer Services

Fair Processing Materials

Data Protection Health Check

Assistance with Policy Development

Data Security and Protection Toolkit (DSPT)

Record of Processing Activities (ROPA) & Information Asset Registers (IAR)

Packaged Services

Other Services

Send Us A Message