ROPAI
Compliance Intelligence
Forgot password?
Don't have an account? Create one
🔑
Reset your password
We'll send a reset link to your email address.
← Back to sign in
Already have an account? Sign in
📧
Check your email
We've sent a confirmation link to your email address. Click it to activate your account, then sign in here.
← Back to sign in
ROPAi
Compliance Intelligence
Core
Dashboard
ROPA Register
Processors
Notifications 0
Actions
New Entry
Pending Review 0
Audit Reports
DSR Tracker
Supplier Intel
Community
Feedback & Roadmap
Admin
Approval Settings
Version History
?
Loading…
Admin · Sign out
Dashboard
Overview of your ROPA compliance status
Loading your compliance status…
Analysing your ROPA register
—
Total entries
—
Approved
—
In draft
—
Action required
Needs attention
All entries are up to date ✓
Recent activity
No recent activity
Full register
Risk: Team: From: To:

Complete this form when onboarding a new supplier. If personal data is involved, an AI discovery interview will be triggered to generate your ROPA entry.

The legal name of the company or individual being onboarded
What service is this supplier providing?
Will the supplier collect, store, or process personal data on your behalf?
Treating as Yes. Where there is any doubt, we treat the answer as yes. Better to run an unnecessary interview than miss a genuine processing activity.
Approximate month and year this supplier began processing personal data on your behalf.
ROPAi will alert the relationship owner at 3 months, 1 month, and 2 weeks before this date and prompt a renewal review.
Which team or person owns this supplier relationship?
Common departments

Please complete all fields before continuing.

Question 1 of 6
Discovery Interview
Suggested terms — click to add
Skip
Supplier context
Supplier
—
Purpose
—
Owner
—
Answers so far
ROPAi
Generating your ROPA entry

Mapping interview answers to Article 30 fields...

Interview answers received
Analysing processing activities
Mapping to Article 30 fields
Identifying legal basis
Drafting ROPA entry
—
—
—
Contracts & Agreements
Attach DPAs, MSAs and NDAs to this entry. Track expiry dates and get renewal alerts.
⚠️ No DPA on file. A Data Processing Agreement is required under UK GDPR Article 28 when using a processor.
DPIA Screening
Not assessed
Under UK GDPR Article 35, a Data Protection Impact Assessment is legally required where processing is likely to result in a high risk. Answer the 5 questions below — ROPAi will determine if one is needed.
Answer all 5 questions to get your assessment
—
Total suppliers
—
High risk
—
Medium risk
—
Low risk
Sort by:
Loading supplier analysis…
💡 Feedback & ideas
🗺 Product roadmap
📋
Generate audit report
Produce a point-in-time compliance snapshot covering your full ROPA, completeness gaps, and risk exposure. Print or save as PDF.
Core — all tiers
🔁
Schedule recurring audit
Automatically generate and log audit reports on a weekly, monthly, or quarterly basis. Ideal for DPO-led oversight programmes.
Enhanced — Professional & DPO Practice
Scheduled reports
Approval roles
Define who can approve ROPA entries. These roles will be shown on entry cards and in the audit trail.
When is approval required?
Choose the conditions under which a ROPA entry must go through approval before being marked live.
Multi-stage approval
Require sign-off from multiple roles in sequence before an entry is approved. Useful for organisations with a formal DPO + legal review process.
Enable multi-stage approval
Entries must pass through each stage in order
Additional options
Fine-tune approval behaviour for your organisation.
Require justification on approval
Approver must add a comment before approving
Auto-approve Low risk entries
Low risk entries skip the approval queue entirely
✓ Settings saved
🆕
All
Alerts
Activity log
Sent log
Change log
Renewal Check
Let's confirm this entry is still accurate before the contract renews.
Is your organisation still using this supplier?
Has the scope changed?
Think about changes to data types, countries, sub-processors, or purposes since the last review.
Has the scope of personal data processing changed?
e.g. new data categories, transfers to new countries, new sub-processors added
Update renewal date
Great — the ROPA entry is still accurate. Please set the new contract expiry date.
Fresh interview needed
A new AI discovery interview will run to update the ROPA entry. The existing entry will be preserved in version history.
Ready to start the fresh interview for ?
Mark for offboarding
Next steps for your DPO: Confirm all personal data has been deleted or returned, verify the Data Processing Agreement has been terminated, and archive the ROPA record.
Mark this entry as Action Required and notify the DPO?
Saved
ROPA Compliance Audit Report
Schedule recurring audit report
An audit report will be generated automatically and saved to your report log.
✓ Enhanced tier feature — available on Professional and DPO Practice plans.
Import existing ROPA
Upload an Excel (.xlsx) or CSV file. ROPAi will map the columns and add any new rows to your register.
📂
Click to browse or drag & drop
Supports .xlsx and .csv
Your columnMaps toSample value
Manage custom columns
Add custom fields to every ROPA entry — e.g. AI checklist, internal notes, or bespoke compliance flags.
Add new column
Open requests
0
Awaiting response
Due this week
0
Within 7 days
Completed
0
Closed this month
Data Subject Requests
⏱ UK GDPR requires responses within 30 calendar days of receipt. Extensions of up to 2 months permitted for complex requests with notice to the requester.
RequesterRequest typeReceivedDeadlineDays leftStatus
No requests yet — click "+ New request" to add one
New Data Subject Request
Log a new DSR to start the 30-day response clock.
📄 Privacy Notice — Generated by ROPAi
Based on this ROPA entry · UK GDPR compliant