Organisations are required to maintain a record of processing activities as part of a legal requirement under Article 30 of the GDPR/ UK GDPR. What this means, is that you are required to keep a record of what processing activities you undertake.
Unless you meet the above exemptions, you need to have a ROPA. It is a living document, meaning it needs to be updated whenever you carry out a new processing activity. What this means for you, is it is not only enough to have a ROPA, you need to know how it works and how to update it. It should be an overview of the key information you process in which you can identify risks.
Getting started on a ROPA, or getting good practices in place for updating it and training staff to update it can be daunting. Thankfully, that’s where we come in. We know ROPAs inside and out, and can help train and teach your staff to learn how to update the document and ensure it truly is a living document. We can either improve your existing ROPA, or work with you to build one from scratch.
Choosing us helps you stay compliant with data protection legislation. We offer a free 30-minute consultation meeting if you have any questions around your ROPA and how we can help, so feel free to contact us today.
There are exceptions for organisations who:
Whilst a ROPA tracks all processing activities you undertake, an Information Asset Register tracks all information assets you as an organisation process. Similarly to a ROPA, this tracks all information on how data assets are stored, processed and shared.
Having an IAR helps your organisation improve its understanding and visibility about all the information assets you hold. This can help you find documents quickly, and help demonstrate compliance to organisations you partner with, or where you are required to show such documentation to the ICO or statutory bodies in your field.
Having an IAR in place helps you:
Much like a ROPA, this can be a daunting document to start out from, or you may have gaps in the comprehensiveness of your IAR.
At IGS, we work with IARs on a daily basis and can assist you in the following ways:
Whatever your need is, we are confident that we can help you improve your compliance and organisational visibility of your data assets.
We provide a full data protection and information governance consultancy service to all our clients who engage with us. We provide flexible packages and services to make sure that you only pay for what you need, and so you aren’t paying for unnecessary services. Whatever you and your organisation need, we are here to help.