ROPA – RECORD OF PROCESSING ACTIVITIES
RECORD OF PROCESSING ACTIVITIES SERVICES
The General Data Protection Regulation obligates, as per Article 30, written documentation and overview of procedures when personal data is processed. Records of Processing Activities (ROPA) must include information about data processing, including data categories, the group of data subjects, the purpose of the processing and the data recipients.
This must be made available to authorities upon request and must be kept as a living document and added to when business processes change involving personal data.
Our Record of Processing Activities services provide your organisation with a fully documented ROPA tailored specifically for you. This incorporates all of the requirements from the legislation and which is in line with ICO guidance.
We have been creating ROPAs and Information Asset Registers for organisations since the GDPR was first introduced, and have completed many of them in different industries.
At DPAS we work with your teams every step of the way in the ROPA process. This ensures we capture all of your business processes and can document all the requirements.
PEACE OF MIND
Outsourcing this service ensures that you are confident your Record of Processing Activities will be compliant to Article 30 of the GDPR, and in line with ICO guidance.
HERE WHEN YOU NEED US
You can call on us at any time after we complete your project if staff are unsure how to maintain the ROPA or you need assistance with updating it.
- Dedicated business analyst to create your ROPA from scratch.
- Six months software access whilst we are creating the ROPA for you (if you choose to use the platform).
- Training for staff on how to maintain and update the ROPA in the future.
- Risk plan highlighting actions that need to be completed within each department such as when a DPIA needs to be completed.
- Delivery of the ROPA onsite to the Board, project leads, information asset owners, data protection manger or similar.
- Report on our findings within the ROPA, addressing gaps and risks.