Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            How do I manage Processing Activities (RoPA)?

            Created by Aaron McPherson, Modified on Sat, 21 Feb at 9:38 AM by Aaron McPherson

            Under GDPR Article 30, every organisation must maintain a written record of all processing activities carried out under its responsibility. DataShield HQ provides a dedicated Processing Activities register with one-click PDF export to satisfy this requirement.

            Viewing the register

            1. Log in to your DataShield HQ workspace.
            2. Click Processing Activities in the left-hand navigation menu (under Compliance).
            3. You will see a searchable data grid listing all recorded activities with their name, legal basis, controller, international transfer status, and last review date.

            Adding a new processing activity

            1. On the Processing Activities page, click New Activity.
            2. Fill in the activity details:
              • Name (required) — A descriptive name (e.g. “Employee payroll processing”).
              • Legal Basis (required) — The lawful basis under GDPR (e.g. Legitimate Interest, Consent, Contract, Legal Obligation).
              • Controller Name — The data controller responsible.
              • DPO Contact — Contact details for your Data Protection Officer.
              • Controller Address — Registered address of the controller.
              • Purpose — Describe the purpose of this processing activity.
              • Security Measures — Technical and organisational measures applied.
              • International Transfer — Toggle on if data is transferred outside the EEA, then provide the Third Country and Transfer Safeguards (e.g. Standard Contractual Clauses, Adequacy Decision).
              • Data Subject Categories — Comma-separated list (e.g. “Employees, Contractors”).
              • Recipients — Comma-separated list of data recipients.
            3. Click Create Activity.

            An audit log entry is created automatically.

            Editing or deleting an activity

            • Click the Edit icon on any row to update an activity’s details.
            • Click the Delete icon and confirm to remove an activity.

            Exporting the Article 30 PDF

            1. Click Export PDF at the top of the page.
            2. A PDF named ropa-article30.pdf will download automatically.
            3. The PDF contains a formatted register of all processing activities with full details — suitable for presenting to your supervisory authority on request.

            Tips

            • Review your register at least annually and update the Last Reviewed date.
            • Link processing activities to your Data Protection Impact Assessments and Vendor Register for a complete compliance picture.
            • The PDF export includes all activities regardless of any active search filter.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0