# Records of Processing Activities (RoPA) — Template

_Aligned to GDPR Art. 30 and POPIA s.17._

> Cyntech publishes this template as a courtesy for clients and partners building
> their own privacy programme. Cyntech's own RoPA is maintained internally and
> available to enterprise procurement teams under NDA.

**Controller / Responsible Party:** ________________________
**Information Officer / DPO:** ________________________
**Date of last review:** ________________________
**Version:** ________________________

---

## 1. Processing activity

| Field | Value |
| --- | --- |
| Activity name | |
| Business owner | |
| Purpose of processing | |
| Lawful basis (GDPR Art. 6) | Consent / Contract / Legal obligation / Vital interests / Public task / Legitimate interests |
| Special-category basis (Art. 9), if any | |
| POPIA condition (s.11) | |

## 2. Data subjects & data categories

| Field | Value |
| --- | --- |
| Categories of data subjects (employees, customers, prospects, etc.) | |
| Personal data categories | |
| Special / sensitive categories | |
| Children's data (<18) | Yes / No |

## 3. Recipients

| Recipient | Country | Role (controller / processor / joint) | Transfer mechanism |
| --- | --- | --- | --- |
| | | | |

## 4. International transfers

| Destination | Mechanism (Adequacy / SCCs Module / BCR) | Transfer Impact Assessment date |
| --- | --- | --- |
| | | |

## 5. Retention

| Data category | Retention period | Trigger for deletion / archival |
| --- | --- | --- |
| | | |

## 6. Technical & organisational measures

- Encryption in transit: ___________________________________________
- Encryption at rest: _____________________________________________
- Access control & authentication: __________________________________
- Logging & monitoring: ___________________________________________
- Backup & disaster recovery: ______________________________________
- Pseudonymisation / minimisation: __________________________________

## 7. Risk assessment

- Has a DPIA been required? Yes / No — if yes, attach reference: _________
- Residual risk rating: Low / Medium / High
- Mitigations in place: ___________________________________________

## 8. Change history

| Date | Change | Approver |
| --- | --- | --- |
| | | |