In this module, we will explore what records management entails, its significance in data protection compliance, and will conduct a deep dive into some of its key components. This includes records of processing activities (‘ROPAs’), information asset registers (‘IARs’) and record retention. Section 1 of this module will cover ROPAs – their significance in records management and their role in enhancing the ability of organisations to locate and retrieve personal data records efficiently. Section 2 dives deeper into ROPAs, exploring their content, exemptions, available templates, methods for populating ROPAs, and strategies for maintaining them. Section 3 evaluates IARs — exploring their advantages, distinctions from ROPAs, methods for populating them, and strategies for maintenance. Finally, section 4 will discuss record retention and deletion, examining the true meaning of record retention, how to determine the duration records need to be maintained based on legal, regulatory, and operational requirements, and how to ensure the secure and compliant destruction of records once their retention period has expired to prevent unauthorised access.