White Paper: Guide to building a Record of Processing Activities (RoPA)


Since coming into force in 2018, the European General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) (and since the 1st of January 2021, the UK GDPR (GDPR)), have required organisations to do more than ever before in terms of their data protection and information security practices. An important part of this has been the demand for accountability, which is one of the seven data protection principles outlined in Article 5, with which all organisations under the GDPR must comply.

A key part of complying with the demands for accountability and transparency for most organisations is building and maintaining a Record of Processing Activities (RoPA). Depending upon the size of the organisation and the processing activities it undertakes, these documents can be very large and complex. They can also be very time-consuming to create as there are many steps involved, including:

  • Understanding your processes and data processing
  • Risk appraising
  • Identifying Data Processors, data sharing and international transfers


This informative free-to-download white paper will provide you with a clear roadmap to building your own RoPA. It covers:

  • What a RoPA is
  • Which organisations should have a RoPA and the reasons why
  • How to create a RoPA
  • How to maintain a RoPA


If you would like advice on how to build and maintain your RoPA, or any other data protection related issue you are facing, please contact us.

Download the white paper:

RoPA 3page graphic v1