There is more than one way to look at Records of Processing Activities. For some, the RoPA is an administrative chore, a box to tick on the way to filling out an audit questionnaire. For others, it is the centrepiece of how they tackle data protection, a compendium of everything that goes on with personal data in their organisation. The notorious Information Commissioner’s Office template spreadsheet is literally colour-coded to reflect the fact that half of what the ICO asks you to include is purely optional.

I’m not here to lecture you: I’m here to show you options. In this session, I’ll explain the minimum necessary to comply with the UK GDPR, and then tantalise you with what else you might achieve with a more detailed document, especially if you integrate it with other things.