As part of GDPR compliance, organizations are required to create and maintain the so-called “Record of Processing Activities”, often referred to as the RoPA. Professionals within data protection and privacy sometimes use the term interchangeably with “data mapping”. “Data mapping” is a technical term rather than a legal one, but it is well established in GDPR slang as identical to RoPA. In this guide, we will go through the requirements for a controller’s RoPA.