June 20th 2025
Your Information Asset Register (IAR) and Record of Processing Activities (ROPA) are two of the most important documents in your data protection toolkit. Together, they help you get a clear picture of what personal data your organisation holds, how it flows through your service, and who has access to it.
They are not just for ticking boxes on the Data Security and Protection Toolkit (DSPT). These records are key to demonstrating accountability, meeting your legal obligations under data protection law, and ultimately protecting the people you support.
The IAR acts as a central list of all your data assets – from electronic care records to paper files, HR systems and even personal devices used for work. The ROPA goes a step further, outlining how that data is collected, used, stored and shared. Together, they give you the tools to spot risks, improve your processes and stay compliant.
Strong data documentation is the backbone of a robust DSPT. Keeping your IAR and ROPA complete, accurate and regularly updated helps ensure your team understands how data is managed – and that you’re ready to respond to any breaches, inspections or information requests with confidence.
By taking the time to get your IAR and ROPA right, you’re laying the foundation for safer, more transparent care. It’s not just about compliance – it’s about building a culture of trust and accountability in everything you do.
Resources:
Watch our IAR & ROPA webinar
Get an overview of what these documents are and how to keep them up to date:
https://loom.ly/M8BIUM4
Create your IAR with our step-by-step guide
https://loom.ly/qYBamtE
View all News