Why all companies need a Record of Processing Activities

13 July 2021: New white paper from The DPO Centre on RoPA

In response to rising demand, The DPO Centre, the UK’s data protection officer resource centre, has produced a white paper outlining best practice for building a Record of Processing Activities (RoPA) document.

The paper provides clarity on the requirements and step-by-step guidance for organisations looking to document their processing activities.

Whilst the GDPR mandates that only organisations with more than 250 employees are required by law to create a RoPA, all companies wanting to better understand their data processing landscape are encouraged to construct one. The DPO Centre’s new white paper, which features helpful sample templates and outlines a step-by-step approach to implementing a RoPA, starts with the question: why do you need (or want) a RoPA? It helps establish the resources required and the level of input needed by management, and outlines the content to potentially include.

When asked why constructing a RoPA is so important, Rob Masson, CEO of The DPO Centre, answered: “Being able to demonstrate compliance requires organisations to be more transparent than ever before about their processing of personal data. Building your Records of Processing Activities is therefore a key element in enabling you to meet this requirement.”

He added, “Creating a document detailing the basis upon which your organisation passes personal information between departments, group companies and 3rd parties is a crucial aspect of building trust with those who wish to engage with your organisation. Building a RoPA will take time and will need to involve each of your department heads and information asset owners, but the reward is a much better understanding of your processing and any associated risks.”

This quarter’s UK Data Protection Index, a quarterly online survey sponsored by The DPO Centre, asks its panel of over 400 UK Data Protection Officers to indicate their biggest data protection challenges. Consistently in the top three of these concerns is accountability.

Since coming into force in 2018, the GDPR has required organisations to be accountable for the personal data they process. To achieve this, there has to be a robust compliance framework in place. The responsibility lies with the Data Controller (i.e. the organisation responsible for deciding the means and purpose of processing) to ensure adequate records are kept to demonstrate compliance with the accountability requirements of the legislation.

To find out more: https://www.dpocentre.com/ropa-white-paper/

ENDS

Notes to Editors

Founded in 2017 by Rob Masson, The DPO Centre is the UK’s leading independent data protection resource centre, offering expert advice and ensuring organisations have access to the level of knowledge and expertise they require to comply with the highest standards of privacy and data protection. 
Follow The DPO Centre on LinkedIn https://www.linkedin.com/company/dpo-centre/


About The DPO Centre

The DPO Centre’s services include:
• Providing outsourced Data Protection Officers on a ‘fractional’ basis (so 1 to 8 days per month) that become integral and trusted members of the client’s team
• Interim and overflow resources to support and extend existing compliance teams
• EU and UK representation as required by Article 27 of the GDPR
• A full range of privacy and data protection consultancy and training services to companies across all sectors in the UK