Record of Processing Activities (ROPA) & Information Asset Registers (IAR)

Legally Trained Consultants

What is a Record of Processing Activity (ROPA) and do I need one?

Organisations are required to maintain a record of processing activities as part of a legal requirement under Article 30 of the GDPR/ UK GDPR. What this means, is that you are required to keep a record of what processing activities you undertake.

Unless you meet the above exemptions, you need to have a ROPA. It is a living document, meaning it needs to be updated whenever you carry out a new processing activity. What this means for you, is it is not only enough to have a ROPA, you need to know how it works and how to update it. It should be an overview of the key information you process in which you can identify risks.

Getting started on a ROPA, or getting good practices in place for updating it and training staff to update it can be daunting. Thankfully, that’s where we come in. We know ROPAs inside and out, and can help train and teach your staff to learn how to update the document and ensure it truly is a living document. We can either improve your existing ROPA, or work with you to build one from scratch.

Choosing us helps you stay compliant with data protection legislation. We offer a free 30-minute consultation meeting if you have any questions around your ROPA and how we can help, so feel free to contact us today.


There are exceptions for organisations who:

  • Have fewer than 250 persons; AND
  • The processing activities you undertake is unlikely to result in a risk to the rights and freedoms of data subjects; or
  • The processing is only occasional; or
  • Do not process special category data; or
  • Do not process data relating to criminal convictions.

Whilst a ROPA tracks all processing activities you undertake, an Information Asset Register tracks all information assets you as an organisation process. Similarly to a ROPA, this tracks all information on how data assets are stored, processed and shared.

Having an IAR helps your organisation improve its understanding and visibility about all the information assets you hold. This can help you find documents quickly, and help demonstrate compliance to organisations you partner with, or where you are required to show such documentation to the ICO or statutory bodies in your field.

Having an IAR in place helps you:

  • Demonstrate compliance;
  • Improve understanding and visibility on data assets;
  • Minimise business risks from the information you process.

Much like a ROPA, this can be a daunting document to start out from, or you may have gaps in the comprehensiveness of your IAR.

At IGS, we work with IARs on a daily basis and can assist you in the following ways:

  • Provide you with templates;
  • Train your staff on what information assets are, what an information asset register should look like;
  • Work with staff to complete an information asset from scratch;
  • Work with staff to improve and expand upon existing IARs;

Whatever your need is, we are confident that we can help you improve your compliance and organisational visibility of your data assets.

Legally Trained Consultants

What is an Information Asset Register (IAR) and why do I need to have one?

We are here to assist:

Our Services

We provide a full data protection and information governance consultancy service to all our clients who engage with us. We provide flexible packages and services to make sure that you only pay for what you need, so you aren’t paying for unnecessary services. Whatever you and your organisation need, we are here to help.

Data Protection Advice and Consultancy

Data Protection Impact Assessment (DPIA)

External Independent Reviews


Data Protection Officer Services

Fair Processing Materials

Data Protection Health Check

Assistance with Policy Development

Data Security and Protection Toolkit (DSPT)

Record of Processing Activities (ROPA) & Information Asset Registers (IAR)

Packaged Services

Other Services

Send Us A Message