A record of processing activities (ROPA) is required under GDPR rules (art 30) for controllers and their processors when they have over 250 employees. This template will help you comply with rules. Includes sample worksheet and notes section.