Record of Processing Activities Generator (Art. 30 GDPR)
The internal register every controller should keep — generated from the same answers as your privacy policy, with one processing activity per purpose: legal basis, data categories, recipients, transfers, erasure deadlines and security measures.
Generate it now — free →What you get
- ✅ One structured processing activity per purpose, as Article 30(1) requires
- ✅ Consistent with your privacy policy — same answers, no contradictions
- ✅ Includes the non-applicability record for sites that process no personal data
- ✅ Internal document, ready to show the supervisory authority on request
Frequently asked questions
Who must keep a record of processing activities?
In practice, almost every controller. The exemption for organisations under 250 employees does not apply if the processing is regular — which website analytics, newsletters or customer records usually are. Keeping the record is the safe default.
Does the record have to be published?
No. It is an internal document (Art. 30(4) GDPR) that must be made available to the supervisory authority upon request — unlike your privacy policy, which is public.
What must each activity contain?
Purpose, categories of data subjects and data, recipients, international transfers, erasure deadlines and a general description of security measures — exactly the fields this generator fills in for you.
Is it free?
Yes, like everything on LegalDocsKit: no sign-up, no watermark, voluntary donations only.