Record of Processing Activities Generator (Art. 30 GDPR)

The internal register every controller should keep — generated from the same answers as your privacy policy, with one processing activity per purpose: legal basis, data categories, recipients, transfers, erasure deadlines and security measures.

Generate it now — free

What you get

Frequently asked questions

Who must keep a record of processing activities?

In practice, almost every controller. The exemption for organisations under 250 employees does not apply if the processing is regular — which website analytics, newsletters or customer records usually are. Keeping the record is the safe default.

Does the record have to be published?

No. It is an internal document (Art. 30(4) GDPR) that must be made available to the supervisory authority upon request — unlike your privacy policy, which is public.

What must each activity contain?

Purpose, categories of data subjects and data, recipients, international transfers, erasure deadlines and a general description of security measures — exactly the fields this generator fills in for you.

Is it free?

Yes, like everything on LegalDocsKit: no sign-up, no watermark, voluntary donations only.

Generate it now — free