Your ROPA, audit-ready and export-ready at any moment
A living register of every processing activity - mapped to your DPA obligations, linked to your vendors, and exportable in ODPC format whenever you need it.
Why this matters
Built for your compliance outcomes
Pre-built templates
Sector-specific ROPA out of the box
- SACCO, insurance, and fintech templates
- Healthcare processing templates
- Schools and education templates
- Digital SME templates
Linked to your stack
Vendors, policies, DPIAs connected
- Linked to vendor register
- DPIA linkage per activity
- Policy and legal basis attached
- Retention schedule included
Data lifecycle mapping
See data from collection to deletion
- Collection source mapping
- Processing flow visualisation
- Storage location mapping
- Deletion schedule and method
ODPC-format export
Audit-ready in one click
- PDF export per activity or full ROPA
- ODPC-format structured export
- Point-in-time historical snapshots
- Version-controlled updates
Features
Everything you need, nothing you don't
Activity Register
Structured register of all processing activities with pre-built templates per sector. Full s.25(1) field coverage.
Data Lifecycle Mapping
Map data from collection source through processing, storage, sharing, and deletion. Visual flow per activity.
Vendor Linkage
Link each processing activity to your processors and sub-processors in the vendor register. Transfers and safeguards recorded.
Retention Schedule
Set retention periods per data category and activity. Automatic deletion reminders at retention end dates.
DPIA Linkage
Link high-risk processing activities directly to their DPIA records. Navigation between ROPA and DPIA in one click.
PDF & ODPC Export
Export individual activities or your complete ROPA as PDF or structured data. ODPC-format for inspections and submissions.
DPA alignment
Every feature maps to a DPA section
Dira is built from the Act, not retrofitted to it. Here's exactly how each capability addresses your Kenya DPA 2019 obligations.
| Product Feature | DPA 2019 Section | What it fulfils |
|---|---|---|
| Processing activity registry | s.25(1) | Maintains records of all processing activities as required by the accountability principle |
| Purpose documentation | s.25(1)(b) | Records the purposes of processing for each activity |
| Data category mapping | s.25(1)(c) | Documents the categories of personal data processed |
| Recipient records | s.25(1)(d) | Records recipients or categories of recipients including cross-border transfers |
| Retention periods | s.25(1)(f) | Documents intended time limits for erasure of different data categories |
| Transfer safeguards | s.25(1)(g) | Records cross-border transfer details and applicable safeguards |
How it works
Step-by-step workflow
Select your templates
Choose from sector-specific ROPA templates. Dira pre-populates common processing activities for your industry.
Complete each activity record
Fill in processing purpose, data categories, legal basis, recipients, retention, and transfers. Dira validates against s.25.
Link vendors and DPIAs
Connect each activity to your processor records and any associated DPIAs. Build a fully interlinked compliance picture.
Export and update
Export your ROPA on demand. Dira alerts you when activities change and guides you through updates to keep records current.
FAQ
Common questions
Who is required to maintain a ROPA under Kenya DPA 2019?
What must a ROPA record include?
How often should I update my ROPA?
Can the ODPC inspect my ROPA?
Start using Records of Processing (ROPA) today
30-day free trial. No credit card required. Full access to all Data Privacy products from day one.