Article 30 Register overview
Tutorial: build your register of processing activities (ROPA / Article 30 register) using the dashboard, wizard, templates, import, gap analysis, review queue, and exports.
What the Article 30 Register is for
This tutorial is for people who have not used the Article 30 Register (known as ROPA under GDPR) before. Many privacy laws require organisations to maintain a structured inventory of how they process personal information: which systems, for which purposes, on which legal bases, with which recipients, and how long you keep data.
The Article 30 Register is where you capture that information in Ghost instead of only using spreadsheets. It does not replace legal advice about what must go in your register or how to word it for a regulator. It gives you consistent fields and exports to support that work.
- Confirm you are in the correct organisation and matter if your org splits the Article 30 register by matter.
- Open the header tools menu and choose Article 30 Register.
- You should land on the Article 30 register dashboard, which lists processing activities you have already created.
Records and structure
Each row in the register is usually one processing activity: a single way you process personal data that you want to document clearly (for example "Customer relationship management" or "Payroll"). The number of activities you can create depends on your subscription (see the pricing page).
Add a processing activity
- From the Article 30 register dashboard, use the control to add or create a new activity (exact wording depends on your screen).
- Ghost opens a wizard or form that walks through the fields. Expect questions about the controller, purposes, legal bases, categories of individuals and data, recipients (including processors), transfers outside your region, retention, and high-level security measures.
- Save when you reach the end. The new activity appears on your dashboard list so you can edit it later.
Your organisation may offer templates that pre-fill parts of the wizard. If you see a template option when you start, pick one that matches the type of processing you are documenting.
Choose clear names for each activity so legal and IT can find them after onboarding or a new system launch. Where possible, align category names with your privacy notice so internal records match what you tell the public.
Templates
Open Templates in the sidebar to browse pre-built activity templates organised by category. A template pre-fills the wizard fields for common processing activities (for example "Customer relationship management" or "Payroll"), saving time when your register has many similar entries.
- Pick a template that matches the type of processing you are documenting.
- The wizard opens with the template's defaults already filled in.
- Adjust any fields that differ for your organisation, then save.
Import
Use Import when you already have activities in a spreadsheet (for example a processing-inventory-style CSV or an export from another tool) and want to load them into Ghost as draft activities you can review and complete in the builder.
From the Article 30 register dashboard, open Import (sidebar or toolbar). You can choose a file or drag and drop onto the upload area. Ghost accepts CSV and Excel (for example .csv, .xlsx). For very large files, stay within roughly a couple of thousand data rows so validation stays responsive.
After upload, you will see a preview of the first rows, then a column mapping step: match each spreadsheet column to a Ghost field (for example activity name, purpose, legal basis). Map at least one column to Activity name so rows can be imported. You can save a mapping under a name for the next import, and load a saved mapping when the file layout is the same — useful for recurring exports from another tool.
Run validation to check each data row before you commit. Messages refer to Row N using the row number in your original file: row 1 is usually the header row, so the first data row is typically row 2. Fix blocking issues in the spreadsheet or adjust the mapping, then run validation again.
When you are satisfied, confirm the import. Ghost creates draft activities for rows that pass validation (rows with blocking errors are skipped). Drafts are meant for cleanup: they use relaxed checks until you finish them.
To finish an imported activity and take it out of draft state, open it from the Article 30 register dashboard, go to the Edit tab, walk through the wizard to the final Review step, and save. That save runs full field validation and promotes the activity to a normal register entry. After that, use the Review queue and your usual processes to keep it current.
For a column layout that maps cleanly in the importer, see our starter Article 30 register spreadsheet (CSV).
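If you want to catch obvious problems before uploading, the following local pre-check reports issues with the same "Row N" numbering the importer uses (row 1 is the header). It is an added example, not part of Ghost. The column header "Activity name", the 2000-row limit, and the assumption that an empty activity name blocks a row are all assumptions to adjust to your own file; Ghost's actual validation rules are not reproduced here.

```python
import csv
import io

MAX_DATA_ROWS = 2000           # assumption: "roughly a couple of thousand data rows"
NAME_COLUMN = "Activity name"  # assumption: header text used in your spreadsheet

# Constructed sample file: row 1 is the header, data starts at row 2.
SAMPLE_CSV = """Activity name,Purpose,Legal basis
Payroll,Pay staff,Legal obligation
,Marketing emails,Consent
Customer relationship management,,Legitimate interests
"""

def precheck(text, name_column=NAME_COLUMN, max_rows=MAX_DATA_ROWS):
    """Return (blocking, warnings) as lists of 'Row N: ...' messages."""
    reader = csv.reader(io.StringIO(text, newline=""))
    header = next(reader, None)
    if header is None:
        return ["Row 1: file is empty"], []
    header = [h.strip() for h in header]
    if name_column not in header:
        return [f"Row 1: no column named {name_column!r} to map to Activity name"], []
    name_idx = header.index(name_column)
    blocking, warnings = [], []
    data_rows = 0
    # start=2 so messages use the row number from the original file
    for row_no, row in enumerate(reader, start=2):
        if not any(cell.strip() for cell in row):
            continue  # a fully blank row is not an activity
        data_rows += 1
        cells = row + [""] * (len(header) - len(row))  # pad short rows
        if not cells[name_idx].strip():
            blocking.append(f"Row {row_no}: activity name is empty")
        empty = [h for h, c in zip(header, cells)
                 if h != name_column and not c.strip()]
        if empty:
            warnings.append(f"Row {row_no}: empty {', '.join(empty)}")
    if data_rows > max_rows:
        blocking.append(f"{data_rows} data rows exceeds the {max_rows}-row guideline")
    return blocking, warnings

if __name__ == "__main__":
    blocking, warnings = precheck(SAMPLE_CSV)
    for msg in blocking:
        print("BLOCKING", msg)
    for msg in warnings:
        print("WARNING ", msg)
```

Rows reported as warnings would still import as drafts in this model; you then complete the missing fields in the wizard before the final save.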
Review queue
The Review Queue helps you keep the register current. Most privacy frameworks expect records to be reviewed regularly (many organisations aim for at least once every twelve months). The review queue surfaces activities that are due or overdue for review so you can work through them without scanning the full list.
Open an activity from the queue, confirm or update each field, and mark it as reviewed. The review date resets and the activity drops out of the queue until its next cycle.
Gap analysis
Gap Analysis identifies processing activities with missing required fields, unsafeguarded transfers, or other compliance gaps. It shows an overall compliance score as a percentage alongside a count of activities that need attention.
Work through the flagged activities to raise your score. The analysis recalculates as you save changes, so you can track progress. For a full walkthrough, see Processing inventory gap analysis and review.
Export
Use the Export page when you need a regulator-ready copy of your register. The Article 30 Register supports PDF and Excel formats. Which formats are available depends on your subscription.
Both formats include organisation details and all processing activities. Use these files for audits, board packs, or contract annexes.
Collaboration
In practice, different people own different parts of the register. IT or product teams often fill technical recipients and transfers. Privacy or legal colleagues refine legal bases and retention. Your organisation's roles control who may add, edit, delete, or export Article 30 register entries.
Using the Article 30 Register together with the Privacy Request Manager, Document Redaction, and the Compliance module helps keep one consistent story about what data you hold and how you respond to individuals.
For how the product areas fit together, read Introduction to Ghost.