ROPA option lists — GDPR Art.30 data-subject and recipient category taxonomies

Last updated: July 12, 2026 by Steve

ROPA Option Lists

ROPA option lists are the configurable taxonomies used on a privacy subject's GDPR Article 30 Record of Processing Activities. Specifically, they populate the categories of data subjects and recipient categories selectors on the subject's ROPA block, so your Article 30 register uses a consistent, house vocabulary across every program and system.

ROPA Option Lists (screenshot placeholder — capture: the ROPA option lists settings showing the data-subject and recipient category taxonomies)

Where to Find It

Open Settings from the app toolbar and choose ROPA option lists in the Privacy configuration group. This group is visible only to users who hold the relevant privacy configure permission.

The Lists

List Where it appears
Categories of data subjects The categories of data subjects field on a privacy subject's Records of processing (ROPA) block.
Recipient categories The recipient categories field on the same ROPA block.

Both lists are translatable across your active languages.

How It Affects Privacy Subjects

  • These taxonomies drive the matching multi-select fields on the Details tab of a privacy subject, under Records of processing (ROPA).
  • The ROPA block sits alongside the subject's other Article 30 details — processing purpose, lawful basis, categories of personal data, retention period, security measures, hosting location, and the international-transfer flag.
  • The vocabulary you set here appears whenever a subject's ROPA record is captured or edited in the Subjects directory, and flows into the Export ROPA register produced across all subjects.

Best Practice

Model these lists on the GDPR Article 30 language your regulator expects, and keep them stable. Because subjects are durable records reused across assessments and incidents, a consistent taxonomy makes your exported Record of Processing register far easier to defend.