Data Mapping and Record of Processing Activities (ROPA)

Data Mapping GDPR

Under Article 30 of GDPR, every data controller and data processor is required to keep a record of their processing activities including the purpose, a description of the data subjects’ categories, information about whether personal data was transferred to a third party and details of any appropriate data safeguards in place.

HewardMills supports its clients with data mapping and keeping Records of Processing Activities (RoPA). Organisations with 250 or more employees must document all their processing activities, while those that employ fewer than 250 people, need only to document processing activities that:

  • Are not occasional (e.g, are more than just a one-off occurrence or something you do rarely);
  • Are likely to result in a risk to the rights and freedoms of individuals (e.g, something that might be intrusive or adversely affect individuals); or
  • Involve special category data or criminal conviction and offence data (as defined by Articles 9 and 10 of GDPR).

HewardMills helps its clients to comply with data protection regulations, including: GDPR, ePrivacy laws, local laws  (for multi-jurisdictional organisations), cybersecurity requirements, as well as legal and regulatory requirements arising from emerging technologies such as blockchain.

We are a multi-disciplinary team of data protection practitioners, lawyers, corporate governance and cyber security experts, with a wealth of knowledge delivering data protection excellence and trust to you and your organisation.

If you would like to learn more about how HewardMills helps organisations handle and process data safely, securely and responsibly in line with international policies and regulations, please get in touch via telephone (+44 (0) 20 3367 1245 or +353 (0) 1669 4642), or email dpo@hewardmills.com today.

Data Mapping GDPR

Under Article 30 of GDPR, every data controller and data processor is required to keep a record of their processing activities including the purpose, a description of the data subjects’ categories, information about whether personal data was transferred to a third party and details of any appropriate data safeguards in place.

HewardMills supports its clients with data mapping and keeping Records of Processing Activities (RoPA). Organisations with 250 or more employees must document all their processing activities, while those that employ fewer than 250 people, need only to document processing activities that:

  • Are not occasional (e.g, are more than just a one-off occurrence or something you do rarely);
  • Are likely to result in a risk to the rights and freedoms of individuals (e.g, something that might be intrusive or adversely affect individuals); or
  • Involve special category data or criminal conviction and offence data (as defined by Articles 9 and 10 of GDPR).

HewardMills helps its clients to comply with data protection regulations, including: GDPR, ePrivacy laws, local laws  (for multi-jurisdictional organisations), cybersecurity requirements, as well as legal and regulatory requirements arising from emerging technologies such as blockchain.

We are a multi-disciplinary team of data protection practitioners, lawyers, corporate governance and cyber security experts, with a wealth of knowledge delivering data protection excellence and trust to you and your organisation.

If you would like to learn more about how HewardMills helps organisations handle and process data safely, securely and responsibly in line with international policies and regulations, please get in touch via telephone (+44 (0) 20 3367 1245 or +353 (0) 1669 4642), or email dpo@hewardmills.com today.

Let’s work together

Contact us

Let’s work together

Contact us