The documented inventory of an organization's personal data processing activities, required by the GDPR.
Records of Processing Activities are a structured inventory of how an organization processes personal data. Each record covers the purposes, categories of data and data subjects, recipients, transfers, retention periods, and security measures.
Maintaining a RoPA is a GDPR accountability requirement for most organizations and is one of the first things a supervisory authority will ask to see.
Related frameworks
KaitoSec