What’s the Difference Between Article 30, Extended and Processor RoPA?
Your platform supports three types of RoPA exports. Each is designed for a different use case or legal role.
1. Standard Article 30 RoPA (Controller)
This is the official version you use for compliance:
- Follows the structure of GDPR Article 30(1)
- Includes data subject types, categories, recipients, legal basis and retention
2. Extended RoPA (Internal Use)
Adds helpful internal fields:
- Linked systems
- Risk classification
- Security measures
- Task/validation info
Tip: Use this version for internal quality checks or management reporting.
3. Processor RoPA (Article 30(2))
If you are a data processor, this version documents:
- Instructions from the controller
- Security measures implemented
- Sub-processors used