A Practice Note providing an overview of the EU General Data Protection Regulation's (GDPR) Article 30 recordkeeping requirements for controllers and processors. This Note discusses how organizations can use data mapping to establish and maintain records of processing activities, often referred to as ROP or ROPA.