GDPR article 30 – Records of processing activity – ROPAs

The GDPR requires organisations to maintain a Record Of Data Processing Activity, often called a ROPA. This obligation applies to both controllers and processors and their representatives under article 28 (where applicable). There is an exemption for an organization which employs fewer than 250 people, however this will not apply where the processing: is likely […]