Rowpa
How it worksFeaturesTrustPricingBlogSign inStart free trial
For UK solicitors and small law firms

GDPR your COLP would actually trust.

Your firm holds client confidentiality at its core and personal data on top of it. Both have rules. Both intersect. Rowpa is the working tool that produces the ROPA, vendor DPAs, privacy policy, DSR procedure, and DUAA-ready complaints procedure, all aligned with SRA and Law Society guidance.

Book a 20-minute walkthroughStart free trial

The shape of the problem

You're a controller for some processing (matter management, billing, client onboarding) and a processor for others (acting on client instructions during a matter). Some data is special-category. Some is privileged. The cross-border data flows of a typical commercial matter are non-trivial. Your professional indemnity insurer would like to know you have a written policy and a complaints procedure. The SRA would like to know the same. The ICO would prefer to never know your firm exists.

The Law Society's GDPR guidance is detailed but not a tool. The ICO's guidance is thorough but generic. Your firm's last GDPR review was probably in 2018. DUAA hits 19 June 2026.

What Rowpa builds for you

Article 30 ROPA tailored to a legal practice
AI classifies the matter management, billing, client onboarding, marketing, employee, and supplier data flows. Special-category handling is flagged separately. Every entry has a legal basis, retention period, and security measures.
Vendor DPA register for your stack
Clio, Leap, Actionstep, iManage, NetDocuments, Tessaract, Insight Legal, Quill, MyCase, all in the vendor library with verified DPA URLs, sub-processor lists, transfer mechanisms.
Privacy notice that reads like a solicitor wrote it
Not a template. Generated from your ROPA, plain English, ICO-aligned, the kind of notice that wouldn't embarrass you in a regulatory submission.
DUAA complaints procedure ready for 19 June
Public intake form, 30-day SLA tracking, audit trail. Separate from your firm's broader complaints procedure but cleanly named so they don't conflict.
DSR workflow with AI-drafted responses
Subject access request comes in? AI drafts a response from your ROPA, with legal reasoning and ICO references. You review, edit, send. 30-day deadline tracked.
Public Trust Center URL
Share in client onboarding packs and tender responses. ROPA summary, sub-processors, security overview, privacy policy, DSR submission, complaints intake.

How this fits with what you already do

We're not replacing your COLP, your DPO consultant, or your insurer. We're producing the documents and tracking the deadlines they all want you to have.

COLP can produce a real ROPA on demand for an SRA inspection. DPO consultant gets a working baseline to advise on rather than building from scratch. Insurer sees a documented complaints procedure and a recent ROPA review date. Junior fee earner who used to spend a Friday afternoon on the GDPR folder gets that time back.

Pricing

Growth £149/mo for typical 2-15 fee-earner firms. Includes everything in Starter plus site scanner, DPIA tool, breach response planner. Agency £299/mo for multi-office firms or firms acting as joint controllers with multiple SMEs. Starter (£49) is technically available but most firms will need Growth.

Start free trial See all plans

Common questions

Is Rowpa a legal compliance tool?
No. It is a working tool that produces compliance documentation. We don't give legal advice and don't claim to replace your DPO consultant or counsel.
Does it cover SRA-specific requirements?
We cover GDPR. SRA-specific rules (record-keeping obligations under the SRA Codes of Conduct and Accounts Rules) sit alongside what Rowpa produces.
How does this work with iManage / NetDocuments / Clio?
Our vendor library includes the major legal practice management and DMS tools with their DPAs, sub-processor lists, and transfer mechanisms. You add them to your ROPA in two clicks.
What about privileged data?
Privilege is a matter for your firm and the courts. Rowpa documents data-protection compliance. The two layers coexist; we don't ask you to disclose privileged content to use the product.
Can we host Rowpa in the UK rather than the EU?
Rowpa is currently hosted in Frankfurt (EU). For a UK-only hosting option, contact us; we can discuss an enterprise plan.
How does this prepare for a peer review?
Export a compliance report as a PDF at any time. ROPA snapshot, vendor DPAs, privacy notice, breach register, DSR log, complaints log, audit trail.
DUAA hits 19 June. Your firm should be ready in an afternoon.

Sort it once. Show it to the SRA, your insurer, and your clients.

Book a 20-minute walkthrough