DG Legal: Data Audits and Data Protection Impact Assessments Course: A Practical Guide for Law Firms

This practical course explains how and why law firms should carry out data audits and Data Protection Impact Assessments (DPIAs), focusing on proportionate compliance rather than technical or overly legalistic approaches.

The session demystifies what a data audit is, how it differs from a DPIA, and when each is required under UK GDPR. Participants will be guided through how to identify the personal data their firm holds, understand why it is processed, assess legal bases, spot unnecessary or high-risk processing, and address common weaknesses such as over-retention, insecure storage, and unclear data sharing arrangements.

The course also explores when a DPIA is required, how to approach it in a law firm context, and how DPIAs support better decision-making around new systems, technology, outsourcing, and changes to working practices. Throughout, the emphasis is on creating simple, usable records that help manage risk, demonstrate accountability, and withstand regulatory scrutiny from the ICO or SRA.

Target Audience

• Partners, directors, and owners of law firms

• Compliance Officers for Legal Practice (COLPs) and Compliance Officers for Finance and Administration (COFAs)

• Practice managers and office managers

• Senior fee earners involved in introducing new systems, processes, or suppliers

This course is particularly suited to firms without in-house data protection specialists.