Help Center
News
Help Center
News
Sign in
Document
Documents & PoliciesQuestionnairesControls & Technical and Organizational Measures (TOMs)Report ExplorerAsset RegisterFrameworksRecord of Processing Activities (ROPA)Exporting your ROPAVendorsImpact Assessments (IA)Legitimate Interest DocumentationsMeetings & ActivitiesRetentions & Deletions PeriodsData Collection Point (DCP)Add documents to vendors
DPIA
Assessments
ROPA
Assets
International Standards & Frameworks
TOMs & Controls
Categories & Attributes
Data Collection Points
Legal Basis
Legitimate Interest
Documents & Policies
Retention & Deletion
Data Flow
Vendors
Questionnaires
Manage
Process Risk OverviewData Flow Map
Dashboards
AI Assistance & Automation
Projects
Tasks
Meetings & Activities
Workflows & Automations
Reporting
React & Resolve
TasksProjectsIncidents & BreachesData Subject Requests
Risk Scenarios & Treatments
Incidents & Breaches
Release Notes
Q2 2026
Q1 2026
Q4 2025
Q3 2025
Q2 2025
Q1 2025
Q4 2024
Q3 2024
Q2 2024
Q1 2024
Q4 2023
Q3 2023
Q2 2023
Q1 2023
Q4 2022
Q3 2022
Getting Started
Quickstart GuideQuestionnairesTasksProcess Risk OverviewIT SettingsFrameworksThe Information Security / Asset Risk ModelData Subject RequestsDownloading an elementLegitimate Interest DocumentationsAssigning Audiences to ElementsDocuments & PoliciesControls & Technical and Organizational Measures (TOMs)General SettingsCreating attributes that fit your industryDocument list for onboardingThe Data Protection Risk ModelIncidents & BreachesProjectsManaging audiencesAdd documents to vendorsHow to answer an assessment/questionnaireSetting up the first organization or companyData Collection Point (DCP)Use AI to create elementsSetting Risk models in General SettingsSharing ElementsHow can a user change the language?Data Flow MapRecord of Processing Activities (ROPA)Time MachineCreate and evaluate assessments Company Widget FeatureAsset RegisterVendorsImpact Assessments (IA)Creating organizational unitsExporting your ROPAMeetings & ActivitiesTerms for legitimate processingRetentions & Deletions PeriodsHow to create a new user and how to change the password for loginReport ExplorerMaturity modelAdding risk scenarios to assets or asset groupsRelevant Risk SzenariosPriverion GRC Platform overviewDocument list for onboardingHow can a user change the language?Setting up the first organization or companyCreating attributes that fit your industry
User account
Sharing & Group functions
Features
How-To Guides & Tips
Get Help
Legal
Settings
General Settings
Compliance settings
Identity and access management
IT Settings
Risk Settings

Exporting your ROPA

Compliance officers and DPOs use the ROPA list screen to export their organisation's complete Record of Processing Activities — or a filtered subset — as a ready-to-share file for supervisory authorities, internal audits, or management reporting.

The ROPA list screen is your command centre for the organisation's Record of Processing Activities. It gives you a live overview of every processing activity documented in DPMS, lets you filter and search across the register, and — most importantly for this article — provides a one-click export so you can hand over an audit-ready file without any manual copy-pasting. DPOs reach for this screen whenever a supervisory authority requests a copy of the register, when internal audit needs a snapshot, or when management wants a report on a particular subset of activities. The export always reflects exactly what is visible in the list at the moment you trigger it, so any active filters are automatically applied.

How to open it

In the left-hand sidebar, click ROPA. You land directly on the list view — no sub-menu is needed. The screen is available to anyone whose account includes read access to the ROPA module. If the ROPA entry does not appear in your sidebar, or if you see an access-denied page when navigating directly to the address, your account does not yet have the required permission. Contact your DPMS administrator to have it added.


What you see

The screen has three main areas stacked vertically. At the very top is the page header row: the label "ROPA" on the left (which also acts as a breadcrumb link back to this page when you are browsing inside a record) and a small cluster of action controls on the far right — a Create button and a ⋯ (ellipsis) icon. The ellipsis is where the export lives.

Directly below the header is the search and filter bar. This is where you can type a name to search, or add structured filter chips (for example, "Classification = HR Processing") to narrow the list. Any chips you add here directly affect what ends up in an exported file, so it is worth pausing here before you export to make sure only what you want is showing.

Below the filter bar is the main processing activities table. Each row is one processing activity. Columns show the activity's name, legal role (Controller, Processor, or Joint Controller), classification tags, organisational unit, risk level, and — if your company has the Data Transfer feature enabled — a flag indicating whether international data transfers are involved. Scrolling to the bottom of the table automatically loads the next page of records.

Working with this screen

Exporting the complete ROPA register

This is the most common scenario: a supervisory authority has sent a formal request, or your audit team needs the full register. Before you export, glance at the filter bar. If you see no filter chips and the search field is empty, the export will include every processing activity in the system.

Click the ⋯ ellipsis icon in the top-right corner of the screen. A small dropdown menu appears. Select Export. DPMS sends the request to the backend, and after a moment your browser begins downloading the file — typically an Excel workbook.


Open the downloaded file and review it before sending it on. It contains all the key metadata fields for every processing activity: name, status, legal role, responsible person, organisational unit, applicable regulations, and more.

Heads up: The export honours whatever filter is currently active. If you filtered the list earlier in your session and forgot to clear it, the downloaded file will only contain the filtered subset — not the full register. Always double-check the filter bar before clicking Export.

Exporting a filtered subset for a specific report

Sometimes you need only a slice of the register — for example, all activities tagged under "HR Processing", or everything assigned to a particular organisational unit. The filter bar is the tool for this.

Click inside the search and filter bar and add the criteria you need. For instance, add a filter chip for Classification, choose the operator "equals", and type or select the category value. The table updates immediately to show only matching records.


Once you are satisfied that the visible rows represent exactly what you want, click the ⋯ ellipsis icon and select Export. The downloaded file will contain only those filtered records. This makes it straightforward to produce targeted compliance reports without exporting and then manually editing the full register.

Tip: You can combine multiple filter chips — for example, filter by both Organisational Unit and Classification — to produce a very precise export. Each additional chip narrows the results further.

Drilling into a record before or after exporting

If you want to verify the details of a specific processing activity before including it in an export, simply click its row in the table. This opens the ROPA detail view for that record.


In the detail view you can review all tabs — personal data, legal basis, affected persons, linked assets, risk scenarios, and more. When you are done, click the ROPA breadcrumb link at the top-left to return to the list. Crucially, the filter you had active on the list is preserved, so you come back to exactly the same filtered view you left. You can then proceed to export with confidence.

The detail view also has a clock icon (Activity Log) in its top-right corner. Click it to see a full audit trail of every change made to that record — useful for checking that the information is current before you include it in a report sent to a supervisory authority.

Field reference

The exported file maps directly to the columns and data fields stored against each ROPA record. Here is what the main columns in the list represent:

  • Name — The title of the processing activity in your preferred language. If DPMS is configured for multiple languages, the name resolves to your current interface language.
  • Type (Legal Role) — Whether your organisation acts as Controller, Processor, or Joint Controller for this activity. Required for GDPR Article 30 compliance.
  • Classification — One or more category tags describing the nature of the processing (e.g. "HR", "Marketing"). These tags are managed in Compliance Settings.
  • Organisational Unit [Department] — The business unit responsible for the activity. If any record in the system carries a department sub-level, the column header expands to show both unit and department.
  • Risk Target — The assessed risk level (Very Low through Very High) for this activity, based on the risk model configured in Risk Settings. If no risk model has been set up, this column will be empty for all records.
  • Data Transfer — A flag showing whether personal data is transferred to recipients in countries outside your organisation's home jurisdiction. Only visible when an IT admin has activated the Data Transfer feature for your company instance.

How this connects to the rest of DPMS

The ROPA list is the starting point for everything in the ROPA module. When you click a row, you enter the detail view where the activity is enriched with linked personal data types, legal basis, purposes, affected persons, assets, risk scenarios, DPIAs, tasks, and retention rules. All of that enriched data feeds back into the exported file — so the richer your records, the more informative your exports.

Several other parts of DPMS depend on what is set up here:

  • Risk Settings must have a process risk model configured for the Risk Target column to display meaningful values. If the column is blank across the board, ask your IT admin or DPO to configure the risk model in Risk Settings first.
  • Compliance Settings (Tags) supplies the Classification, Legal Basis, Applicable Regulations, and other tag options that appear in ROPA records. If you need a new classification category, it must be created in Compliance Settings before it can be attached to a ROPA record.
  • IT Settings → AI Configuration powers the AI-assisted field generation available on the ROPA creation form. Without valid AI credentials configured there, the AI helper button on the creation form will not be available.
  • Data Transfer feature is toggled by an IT admin in company settings. Once active, the Data Transfer column appears in this list and in exports, giving you a quick signal of which activities carry cross-border transfer risk.

After exporting, a common next step is to open the downloaded file and cross-reference it against your Transfer Impact Assessments or DPIAs to ensure every transfer flagged in the Data Transfer column is covered by a lawful transfer mechanism.

Tips & common pitfalls

Heads up: Always check the filter bar before exporting. Active filter chips mean the exported file is a subset, not the complete register. If you need the full ROPA, remove all chips first by clicking the × on each one.
Tip: If the Risk column is blank for all records, a process risk model has not yet been configured. Go to Risk Settings, set up likelihood and damage categories, and the column will populate automatically.
  • No status tabs to click. Unlike some other DPMS list screens, the ROPA list currently shows only an "All" tab. To filter by status (Active, Draft, Inactive, Review), use the filter bar and add a Status filter chip manually.
  • Row icons on hover are placeholders. When you hover over a row, you may see small icons (a ban symbol, an envelope, a checkmark, a printer) appear on the right. These are reserved for future features and do not do anything yet. They are safe to ignore.
  • Filters carry over into record navigation. When you click into a ROPA record from a filtered list, the ‹ › arrows in the detail view step through only the records that match your filter — not all records. This is intentional and very handy when reviewing a specific subset, but it can be surprising if you forget a filter is active.
  • The Data Transfer column is hidden unless enabled. If you do not see this column, it has not been activated for your company. An IT admin can switch it on in the company IT settings.
  • Status and Responsible Person changes on the detail view save instantly. If you open a record and change its Status or Responsible Person in the sticky header at the top of the detail view, that change is saved immediately — there is no separate Save button for those two fields. All other fields on the General tab require you to click Save explicitly.


Was this article helpful?

English
Powered by Product Fruits