This ROPA (Record of Processing Activities) template includes eighteen fields to help your company maintain data privacy readiness, or an ongoing state of awareness and effort to be privacy compliant.
The Record of Processing Activities is required by Article 30 of the GDPR. In plain English, Article 30 means that companies must maintain a thorough, written record of how they use data in their organization: who uses it, how, why, when, and for what purpose.
Our ROPA template is a great starting point for companies of all sizes interested in data privacy compliance and data governance. To give you a comprehensive view of your data, the template includes non-mandatory and mandatory fields like:
Data processing activity
Department responsible for that activity
Who is ultimately responsible for the activity
Which types of data are used in the activity
Purpose of processing
Categories of data subjects
Which departmental processes should be
documented in a ROPA template?
An employment offer letter
Onboarding an employee
Reward program processing
Data in marketing automation software
Data across email, social, and loyalty databases
3rd party campaign data
Customer data in 3rd party CRM software
Phone, SMS, email, and social media messages
File management processing and storage
Data in cloud-based platforms
Backup of data to cloud-based object storage
Messages in applications and microservices