Article 30 of the UK and EU General Data Protection Regulations requires organisations to keep records of processing activities (RoPA). However, four years into GDPR enforcement, organisations often struggle to maintain their RoPAs and get trustworthy management information from them. In this IAPP article, the HSBC Head of Data Privacy Elodie Pierloot (CIPP/E, CIPM) compares the similarities between RoPAs and the early operational risk maps required under Basel II. Fifteen years later, non-financial risk and control maps are nothing like what they once were and are now powerful frameworks indispensable to financial institutions. Pierloot has realised strategic roadmaps can ease some of the burdens to mature RoPAs quickly and offers her take on how such a strategic build of RoPAs can help organisations maximise benefits and reduce costs.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
