Record of Processing Activities
The Record of Processing Activities (ROPA) is requirement of most organisations as defined in article 30 of the GDPR. Even if not required by law the ROPA forms the baseline for data protection compliance as it allows an organisation to evidence where personal data is used and identifies data usage risk.
By establishing a small network of data champions your organisation you can determine where data is processed. This allows your Data Protection Officer (DPO or equivalent) to obtain a holistic view and provides the ability to demonstrate compliance.
The ROPA can be updated through our Activity Workflow, allowing your Data Champions to update in a natural way, through workshops, one to ones or lone assessments. Dynamic screen building, natural language and help text assists as they progress.
As information is added to the ROPA risks are identified and added to your risk log. ProvePrivacy provides user feedback throughout. Our assisted assessments inform action plans and provide guidance on whether an activity should be referred to the DPO.
Identify where your risks are at a glance, identify which department, supplier or activity requires further remediation and receive recommendations for next steps.
The data sharing assessment allows allows you to understand where personal data is shared with your suppliers. It enables you assess the compliance of your contracts, demonstrate that your data remains secure and even store supplier documentation alongside the supplier assessment.
The Data Management assessment allows you to identify where data is stored in your organisation both whilst it is ‘in use’ and ‘in retention’ and informs your data retention periods and rationale.
High Risk & DPIA
It is one thing having a Data Protection Impact Assessment (DPIA) template, but when do you need to complete it. Our high risk assessment uses the information that you have entered about an activity to highlight when a DPIA is needed and it then walks you through the process of assessing the risk.