Have questions about the Record of Processing Activity (RoPA)? We can help!
The RoPA is a key tool in documenting how personal data is collected, used, and managed at Augusta University. Completing a RoPA helps us meet legal and institutional requirements, strengthens data privacy practices, and makes it easier to respond to audits or regulatory inquiries.
This FAQ walks you through what a RoPA is, why it matters, who’s responsible, and how to complete or update your entry. Whether you're a data steward, system owner, or just unsure where to start, we’ve got you covered.
Still have questions after reading? Reach out anytime by booking an appointment or emailing us at DATA@augusta.edu—we're here to help.
A Record of Processing Activity (RoPA) is a documented inventory of how personal data is collected, used, and managed across the institution. It helps track data processing activities for transparency, security, and compliance.
The RoPA is completed annually.
If you have completed the survey before, you will be sent a PDF of your past responses
with a survey asking if your responses, uses of the data, etc. have changed in the
past year. If yes, you’ll be contacted to update your survey. If no, you’re good for
another year.
If your system does not have a completed RoPA, you’ll be asked to complete the survey as soon as possible. You will receive a link to the Qualtrics survey, where you’ll provide details about your data processing activities. Instructions will be included in the survey.
While the annual cyber review does have many over lapping questions with the RoPA, they currently live in two different departments in PDF form, so it’s difficult to share this information across units in any meaningful way.
Further, cyber and data governance teams each have different questions or questions that focus on different aspects of data use. However, if you have completed a Triage or RAARe form for cyber, it will be useful to have on hand when you complete the RoPA.