Records of Processing (Article 30) Guidance

Article 30 of the General Data Protection Regulation (GDPR) requires Data Controllers to maintain a Record of Processing Activities (RoPA) under their responsibility. Article 30 GDPR prescribes the information the records must contain and states that controllers and processors must be in a position to provide such records to the Data Protection Commission (DPC) on request. The Records of Processing Activities (RoPA), as a measure to demonstrate compliance, is one of the means by which Data Controllers demonstrate and implement the principle of accountability as set out in Article 5(2) GDPR. A well drafted RoPA will demonstrate to the DPC that a Data Controller is aware of, and has considered the purpose of, all processing activities taking place within the organisation.

This guidance should assist controllers with compliance with Article 30 of the GDPR.

Full Guidance Note here (PDF).