Records of Processing Activity
Proactive Compliance with ROPA
Record of processing activity (ROPA) is a requirement first introduced in Article 30 of the General Data Protection Regulation (GDPR) that states, “Each controller, and where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.” It is a general overview outlining all data processing activities and processes done within an organization and the use of third parties. Internal data processing is usually done by a controller who determines the purposes and means by which data is processed. Third-party data processing is done by a controller’s representative or data processor who carries out the actual processing of the data under the specific instructions of the data controller.
To comply with GDPR, ROPA must be “ready to present to authorities” if they were to make a request for it, an audit occurs, and a data breach. As data processing procedures change, it is important to maintain and update your ROPA report. Pre-existing, automated data discovery and data mapping solutions can supplement the ROPA reporting process.
ROPA made easy
Track, log, report on your processing activities
Q3 2022 Research Report – 9,827 companies researched