GDPR: ROPA & DPIA Overview (PDF)

GDPR requires organisations to proactively assess activities which process personal data. Article 30 covers all activities within a 'Record of Processing Assessment' (ROPA), whilst certain activities will be assessed as needing a 'Data Protection Impact Assessment' (DPIA).