Records of processing activities (ROPA) document all data processing and categories of data processing an organization engages in—they're also a requirement of 

Data controllers are responsible for creating and maintaining ROPA, which must include:   

Name and contact information for the data controller

Categories of personal data and data subjects being processed

Categories of data recipients (if the data has been shared)

Whether or not the data has or will be transferred to an “international organization” or “third country”

Data processors must maintain ROPA for any processing “carried out on behalf of a controller.”

ROPA must be made available in writing and in a digital format

 is required for any business that employs 250 or more people, whose data processing is “not occasional,” or whose processing may threaten a data subject's rights or freedoms.

Article 28

Article 30

Article 32

Article 6 

Article 9

Authorized Agents

California Consumer Privacy Act

California Privacy Protection Agency

California Privacy Rights Act

Colorado Privacy Act

Consent 

Dark Patterns

Data Controller

Data Mapping

Data Processor

Data Subject

Data Subject Access Request

Do Not Track

Do not sell/Do not share 

Facebook Limited Data Use

GDPR Personal Data

GDPR Principles

GDPR Rights

General Data Protection Regulation

Global Privacy Control

Gramm-Leach-Bliley Act

HIPAA

LGDP (Brazil's Privacy Law)

Personally Identifiable Information

Preference Management

Pseudonymization

Record of Processing Activities

Schrems II

Tracking Cookies

Utah Consumer Privacy Act 

Verifiable Consumer Request 

Virginia Consumer Data Protection Act

Field Trips Episode 3, with Max Schrems (Part 2)

Transcend offers data governance solutions that help companies achieve privacy compliance through powerful data mapping and data discovery, automated data subject requests, and simple cookie consent, all with industry leading security.