ROPA stands for Record of Processing Activities.
The ROPA must include a comprehensive overview of the processing activities you undertake. The ROPA lists every single processing activity, describing the exact usage of the data, the technical and organisational measures that have been put in place for the protection of the data. It shows who is affected by data processing, the recipient of data processed, and any other data processors. The ROPA should also include a risk analysis.
A ROPA demonstrates your organisation’s GDPR compliance and so it is essential that it is well-managed and organised.