Data mapping and Record of Processing Activities

Data Mapping GDPR

Under Article 30 of the GDPR, data controllers and processors are required to keep Records of Processing Activities (RoPAs), including the purpose, description of the categories of data subjects, whether personal data was transferred to a third party, and details of any data safeguards that are in place

HewardMills supports its clients with data mapping and keeping RoPAs. Organisations with 250 or more employees must document all their processing activities, while those that employ fewer than 250 people need only document processing activities that:

  • Are not occasional (eg, are more than just a one-off occurrence or something you do rarely);
  • Are likely to result in a risk to the rights and freedoms of individuals (e.g, something that might be intrusive or adversely affect individuals); or
  • Involve “special category data” or “criminal conviction and offence data” (as defined by Articles 9 and 10 of the GDPR).

HewardMills helps its clients comply with data protection regulations, including the GDPR, ePrivacy Directive, local legislation (for multijurisdictional organisations) and cybersecurity laws, as well as with legal and regulatory requirements arising from emerging technologies such as blockchain.

We are a multidisciplinary team of data protection practitioners, lawyers, corporate governance specialists and cybersecurity experts with a wealth of knowledge, delivering data protection excellence to your organisation.

If you would like to learn more about how HewardMills can help your organisation handle and process data safely, securely and responsibly in line with international regulations and policies, please get in touch via telephone (+44 20 3998 1840 or +353 1669 4642), or email dpo@hewardmills.com today.

Data mapping under the General Data Protection Regulation (GDPR)

Under Article 30 of the GDPR, data controllers and processors are required to keep Records of Processing Activities (RoPAs), including the purpose, description of the data subjects’ categories, whether personal data was transferred to a third party and details of any appropriate data safeguards in place.

HewardMills supports its clients with data mapping and keeping RoPAs. Organisations with 250 or more employees must document all their processing activities, while those that employ fewer than 250 people, need only to document processing activities that:

  • Are not occasional (eg, are more than just a one-off occurrence or something you do rarely);
  • Are likely to result in a risk to the rights and freedoms of individuals (eg, something that might be intrusive or adversely affect individuals); or
  • Involve special category data or criminal conviction and offence data (as defined by Articles 9 and 10 of GDPR).

HewardMills helps its clients to comply with data protection regulations, including: the GDPR, ePrivacy Directive, local legislation (for multijurisdictional organisations), cybersecurity laws, as well as legal and regulatory requirements arising from emerging technologies such as blockchain.

We are a multidisciplinary team of data protection practitioners, lawyers, corporate governance and cybersecurity experts, with a wealth of knowledge delivering data protection excellence and trust to your organisation.

If you would like to learn more about how HewardMills helps organisations handle and process data safely, securely and responsibly in line with international policies and regulations, please get in touch via telephone (+44 20 3367 1245 or +353 1669 4642) or email dpo@hewardmills.com today.

Let’s work together

Contact us

Let’s work together

Contact us