The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Record of processing activities (ROPA)

Your organisation has a formal, documented, comprehensive and accurate ROPA based on a data mapping exercise that is reviewed regularly.

Ways to meet our expectations:

  • You record processing activities in electronic form so you can add, remove and amend information easily.
  • Your organisation regularly reviews the record against processing activities, policies and procedures to ensure that it remains accurate and up to date, and you clearly assign responsibilities for doing this.
  • You regularly review the processing activities and types of data you process for data minimisation purposes.

Can you answer yes to the following questions?

  • Would staff say that you have effective processes in place to keep the record up to date, accurate and make sure that the data is minimised?
  • Could staff explain their responsibilities and how they carry them out in practice?