Træk en fortegnelse over dine behandlingsaktiviteter

GDPR & Privacy Draw a record of your processing activities

If your company or organisation processes personal data, you must draw a record of your processing activities. A record is a report, you e.g. must be able to present to the Danish Data Protection Agency, from which it is described which processing activities you carry out in your company.

The regulation describes two types of records: article 30.1 as a data controller and article 30.2 as a data processor. If you also act as a data processor, you must draw both types of records.

See Privacy product Start free trial

Introduction to RoPA

Watch our short introduction to the RoPA module in Privacy.

Do you want to try it yourself? Sign up for the free platform here.

Record for data controllers
An article 30.1 record should contain the following information
- Name and contact information of the data controller
- The purposes of the processing
- Categories of data subjects and categories of personal data
- Categories of recipients by transmission
- Transfers to third countries and international organisations
- Deletion periods for the different categories of information
- Description of technical and organisational measures if possible
Record for data processors
An article 30.2 record should contain the following information
- Name and contact information of the data processor and the data controller on whose behalf the data processor is acting
- Categories of processings carried out on behalf of the data controller
- Transfers to a third country or an international organisation
- Description of technical and organisational measures if possible

Advantages of Maintaining a Record of Processing Activities

Having a well-maintained record of processing activities is not only a legal requirement under the General Data Protection Regulation (GDPR), but also offers several benefits to your company or organization. Here are some key advantages of keeping an updated record by hand at all times:

Enhanced Data Protection Compliance: A comprehensive record helps ensure compliance with data protection laws and regulations, including GDPR. It demonstrates your commitment to data protection and makes it easier to respond to requests from regulatory authorities, such as the Danish Data Protection Agency.
Improved Data Management: Regularly updating your record of processing activities allows you to monitor and better understand the flow of personal data within your organization. This can lead to more efficient data management and help you identify areas where data processing can be optimized or streamlined.
Strengthened Accountability: Maintaining a record of processing activities fosters a culture of accountability within your organization. It encourages all team members to take responsibility for the personal data they process and underscores the importance of data protection.
Simplified Risk Assessment: A detailed record can help you identify potential risks and vulnerabilities in your data processing activities. This enables you to take proactive measures to mitigate these risks and protect the personal data of your customers and clients.