Documentation required under GDPR Article 30 cataloging an organization's personal data processing activities, including purposes, data categories, recipients, transfers, retention periods, and security measures. AI systems should be reflected in ROPA entries, with particular attention to training data processing, inference logging, and any cross-border transfers to model providers.
See: Controller / processor; Cross-border data transfer; Data retention; Personal data