ROPA - Record of Processing Activities
A ‘ROPA’ is a record of an organisations processing activities that involve the use of personal data. However, this doesn’t just mean data which you are actively using, but also data you are holding, but not currently in use.
A ROPA includes (but is not limited to) the following information for each processing activity:
• Names and contact details of the data controller, data processor, data controller’s representative, joint controller, and data protection officer (DPO), if applicable
• Purpose (i.e., lawful basis) of processing personal data
• Categories of data subjects and categories of personal data being processed
• Categories of recipients to whom the personal data has been or will be disclosed
• Third parties in other countries or international organisations who receive the personal data
• Retention schedule for each category of personal data
• General description of technical and organisational security measures related to each processing activity