Records of Processing Activities (ROPAs)
As seen with the mandatory requirement to conduct DPIAs, the GDPR is a heavily risk-based law. However, many organisations are missing one of the best tools for identifying data risk in their processing, i.e., a record of processing activities (or ROPA), despite, currently, it being a statutory requirement for most organisations under Article 30. In URM’s opinion a ROPA should be front and centre of any controller’s DP compliance effort. URM has helped a number of organisations develop their ROPAs and once developed can help you identify not just the risky processing, but also the mitigating steps that can be taken to control those risks. It’s worth remembering that the ROPA will be one of the first compliance documents requested by the regulator in the event of a data breach.
Get in touch
Please note, we can only process business email addresses.
Why URM?
Track record
URM’s DP and GDPR consultants have extensive ‘real world’ experience as both practitioners and subject matter experts working at a senior level within business and in their data protection consulting roles advising organisations on best practice. With a 17-year track record assisting organisations to comply with legislation such as the Data Protection Act, the GDPR and local country-specific legislation, URM has earned a reputation for adopting a pragmatic and business appropriate approach.
Flexible service offerings
A key differentiator between URM and other data protection service providers is our flexible service offerings. Our virtual DPO service can be customised to your precise requirements, in terms of the type of support you require and the frequency of site days (remote or on site) etc. Equally, with our remediation support, URM can assist you address any gaps identified and achieve full GDPR compliance. We can also help you maintain that compliance with GDPR auditing services.
Knowledge transfer
URM prides itself on its knowledge transfer philosophy and training expertise which helps to ensure that you not only understand what the principles and requirements of the GDPR are but how to best meet them.
![](https://cdn.prod.website-files.com/663395d3790b636e6eefc3f0/66991dd7faa19c16552808c8_Blog-Banner-ICO-Jun-24.jpg)
ICO Enforcement Action January – June 2024
URM’s blog reviews ICO enforcement activities for the 1st half of 2024, highlighting trends & shifts in how it enforces against data protection breaches.
![Thumbnail of the Blog Illustration](https://cdn.prod.website-files.com/663395d3790b636e6eefc3f0/66880f138965e189a7a24c21_Blog-Thumb-Oral-Reference.jpg)
URM’s blog explores a recent ECJ ruling which dictates that oral job references are covered by the GDPR
![Thumbnail of the Blog Illustration](https://cdn.prod.website-files.com/663395d3790b636e6eefc3f0/665ffdc5b40d2f0968cb4628_Blog-Thumb-DP-Data-Analytics.jpg)
URM’s blog explores the data protection considerations for data analytics tools, and how to reap their many benefits while still maintaining GDPR compliance.
![Thumbnail of the Blog Illustration](https://cdn.prod.website-files.com/663395d3790b636e6eefc3f0/6656eda6414095f89d1a4d8d_Blog-Thumb-DP-EU-Bill.jpg)
URM’s blog explores the first formal European response to the DPDI Bill, and how the Bill may jeopardise the UK’s adequacy status when it reforms the UK GDPR.