PRACTICE NOTE
What is a ROPA?
The record of processing activities (ROPA) is a record of an organisation’s administration and business activities that involve the processing of personal data. A copy of your organisation’s ROPA must be made available, upon request, to the Information Commissioner’s Office (ICO) or to a supervisory authority in an EU Member State via your EU Representative.
Article 4 of the UK General Data Protection Regulation (‘UK GDPR’) defines ‘processing’ as ‘’any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction’’.