Article 30 of GDPR requires companies to produce records of processing activities (ROPA). According to the ICO, this requires “a formal, documented, and accurate ROPA based on a data mapping exercise that is reviewed regularly”. ROPA reflects the accountability...