<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=656789255406301&amp;ev=PageView&amp;noscript=1">
    ×
    Humberside Police
    Category: Case Study
    Vertical: Police
    Est. read time:

    Improving services for the public is only one part of Humberside Police's digital innovation journey. That same commitment extends behind the scenes, where the force continues to strengthen information governance and the operational processes that support policing every day. One of those was the DPIA process, where a 2022 ICO audit reinforced the need for a more consistent, efficient and compliant approach to handling sensitive data.

     

    The challenge

    Data Protection Impact Assessments (DPIA) sit at the heart of responsible data use in policing, helping forces like Humberside Police to assess risk, protect individuals’ rights, and meet strict legal obligations before any sensitive data is used.

     

    The process, however, wasn't keeping pace. Different project types triggered different assessment routes, with no logic to guide requestors toward the right one, and no structured framework to shape what they entered. Business leads frequently submitted incomplete or inconsistent applications, sending reviews backwards before they had properly begun. Supervisors and DPIA officers, meanwhile, had no single view of what was in progress, who owned what, or where things stood.

     

    What made it harder still was how disconnected the surrounding experience had become. Notifications were manual, data entry was repeated across steps, and the DPIA process sat apart from the wider systems and tools the force was already using. When gaps appeared, as they often did, requestors, approvers, and reviewers resolved them outside the process entirely, creating dependencies on workarounds that slowed everything down.

     

    The solution

    As part of Humberside Police's wider digital innovation programme, we partnered with the force to reshape the DPIA process so it worked with teams, not against them. That meant starting with how people already worked, then building the technology around it.

     

    Built on Salesforce Experience Cloud, our DPIA solution brings the entire lifecycle into a single, connected environment, from initial request through to approval, mitigation, and ongoing monitoring.

     

    Each role gets a clear, consistent way to engage with the process, with a structured workflow replacing the disconnected tools and manual handovers that had slowed things down.

    • For business leads, forms auto-select based on project type, fields auto-populate to reduce rework, and save-and-return functionality means submissions can be completed without losing progress.

    • For supervisors, real-time notifications flag when applications are ready for review, with full visibility into where each one sits in the process supporting faster, more confident decisions.

    • For DPIA officers, a centralised dashboard tracks all live assessments, while automated follow-ups on risk mitigation actions and a self-building audit trail keep compliance on track without extra manual effort.

     

    With each role operating inside the same workflow, the back-and-forth that once spilled into email and phone calls is largely eliminated. Information is captured consistently from the start, handovers happen within the process, and there is always a clear record of what has happened and what still needs to happen.

     

    DPIA process

     

     

    How we made it work

    Having already worked alongside the Humberside Police team across several projects, we came into this one with an established way of operating: one team, shared goals, no handover culture.

     

    Collaborative workshops with DPIA officers, business leads, and Information Governance Unit (IGU) staff set the direction early. An agile delivery approach kept things iterative, with regular feedback loops ensuring the solution reflected how people actually worked rather than how it looked on paper. To keep access simple and secure, Azure Active Directory Single Sign-On was integrated so staff could authenticate using their existing force credentials, removing the need for separate account management entirely.

     

    Automation handled the process overhead that had previously fallen to people. Workflows route DPIAs to the relevant IGU experts automatically, and queries are raised and responded to directly within the case record rather than across separate email threads. Throughout, compliance with DPA 2018 and UK GDPR shaped every decision, with the recommended actions from the external audit providing a clear framework to build against.

     

     

    Impact at a glance

    Whilst the results speak for themselves in how teams now experience the process, the numbers behind the change tell their own story.

    • The automated process has supported 110 record submissions to date, achieving a 40.9% close rate.

    • An average of 5.6 applications submitted each month, creating a consistent and scalable workflow for ongoing demand.

    For a force operating under the data obligations policing carries, these are not efficiency gains in isolation. A DPIA process that runs as it should means sensitive data is handled more consistently, decisions are better evidenced, and the compliance record is always there when it needs to be. That is the kind of foundation that does not just make day-to-day work easier, it protects the force, the people it serves, and the integrity of every decision made along the way.

     

     

     See how Humberside Police is continuing to modernise its services. Read about our work to enhance the victim journey through technology.

    Momentum gained

    Since going live, the way Humberside Police handles DPIAs has changed in ways teams notice day to day. Submissions come in more complete, reviews move forward without being sent back to fix the same gaps, and the chasing and piecing together that once happened across email threads and phone calls has largely disappeared. Ownership is clearer, handovers happen inside the process, and there is always a single place to see what is in progress and what needs attention.

     

    That shift matters beyond efficiency. When the process runs as it should, sensitive data is handled more consistently, decisions are better evidenced, and the compliance record builds itself as work moves through each stage. For a force operating under the data obligations policing carries, that is a major gain.

     

    As Humberside continues to evolve how it manages data and compliance, the solution provides a platform to build from, one already embedded in how the force works rather than sitting alongside it.

     

     
    Humberside Police force

    Book a call -  Strengthen your DPIA process and data governance

    Infomentum | Making change work

    About Us

    We are passionate and share the joy of igniting ideas to fuel business visions. We are confident and are not afraid to boldly go where we’ve never been. We are also very friendly and approachable people who love to solve problems. Give our curious intelligent learners a challenge and we will make it work.

    More Links

    Contact Us

    [fa icon="phone"]+44 (0)203 743 8014

    [fa icon="phone"]+44 (0)203 875 5669 (Support)

    [fa icon="envelope"]info@infomentum.co.uk

    [fa icon="map-marker"]7th Floor
    68 King William Street
    London, EC4N 7HR, UK
    Copyright © 2026 Infomentum. All rights reserved.
    [fa icon="chevron-up"]