Keep your records straight
and your reviews fast,
without the paperwork
A practical guide for legal counsel, privacy officers, and DPOs. Maintain your RoPA, review vendor contracts against the rules that matter, and run formal assessments — all in one place.
RoPA register
Maintain Article 30 records with less manual entry.
Contract review
Check vendor contracts against GDPR, DORA & more.
AI legal review
Route DPAs and policies straight into Wordsmith.
Assessments
Run DPIAs and TPIAs from reusable templates.
This guide is for the people who keep the organization's records defensible and its contracts sound — maintaining the RoPA, reviewing what vendors send, and producing the assessments regulators expect.
Read it in any order, and lean on the Ethira Agent whenever you'd rather describe what you need than click through to it.
New to Ethira? Start with the platform basics — signing in, navigation, the dashboard, and the Agent — then come back here. For vendor onboarding and third-party risk, the procurement & TPRM guide goes deeper.
Your RoPA register
Your Record of Processing Activities lives under Processing Activities. Each row is an Article 30-style record capturing what data you process, why, the legal basis, who receives it, how long you keep it, and which vendors are involved.
Work the register
- Open Processing Activities to browse your records.
- Click any row to open it and edit fields, categories, processors, and retention in place.
- Select Add to create a new activity.
Make the table speak your language
Use Columns to show, hide, and reorder what you see — and rename built-in labels workspace-wide if your team says Lawful Basis where the default says Legal Basis. Your wording shows everywhere in the app, while exports and audit logs keep the standard GDPR field names, so nothing breaks behind the scenes. Need to capture something extra? Add your own custom fields and they'll appear right on each record.
Link the vendors and set retention
Attach onboarded vendors as processors on an activity so the relationship is documented, and set a retention period per activity — "24 months from last activity," for example. During vendor onboarding, Ethira can even read a DPA and pull the relevant data categories into the record for you to review.
Skip the clicks entirely. The Agent handles RoPA work in plain language — "Create a processing activity called Marketing analytics with legal basis consent," or "Set retention to 24 months for the support activity." Every change is captured in the activity log.
Privacy building blocks
Define the reusable pieces once, and every record draws from the same consistent vocabulary. Manage them from the Configurations menu on Processing Activities.
- Processing purposesThe reasons you process data.
- Data subject categoriesWhose data it is — employees, customers, and so on.
- Personal data categoriesWhat kind of data — contact, financial, health.
- Recipient categoriesWho the data is shared with.
- Security measuresThe technical and organizational measures you rely on.
- International transfersWhere data crosses borders, linked per activity.
Add or edit any of these on their page — or just ask the Agent, for example "Add a personal data category called IP address."
Vendor contract review
Stop reading every clause by hand. Ethira checks an uploaded vendor contract against your requirements and tells you where the gaps are.
- Open a vendor's profile and go to Contract Analysis.
- Select Manage requirements to set the checklist you want to test against.
- Run the analysis — Ethira reviews each contract against every requirement and returns findings you can work through row by row.
A requirements library that's ready to go
Start from pre-built requirement sets and adopt only what applies to you:
- GDPRCore data protection obligations.
- DORAEU digital operational resilience.
- EU AI ActFor vendors with AI in the loop.
- NIS2 & EBA ICTNetwork security and ICT guidelines.
- MDR / IVDRMedical and in-vitro device rules.
- Your ownAdd custom requirements unique to your firm.
When a requirement simply doesn't apply to a given contract, mark that finding not applicable with a short rationale — and that disposition is kept on the record for audit.
Documents in one place
Contracts, DPAs, policies, and terms of service all live together — searchable across the workspace, or organized per vendor in each relationship's Documents section. Upload files directly, or paste a public trust or policy page and Ethira fetches and stores the content for you. If a page is gated or empty, it tells you plainly so you can upload the file yourself instead.
Know a document's state at a glance
Every document carries a status, so you always know what you're looking at:
AI legal review
If your team uses Wordsmith for AI-assisted legal review, Ethira connects to it so DPAs and policies flow straight into your review process.
- Send a DPA for reviewReview any DPA in Wordsmith with one click during onboarding — or have Ethira send DPAs automatically the moment they're captured.
- Sync your documentsKeep your DPAs and public policies mirrored into your Wordsmith repository so legal always has the latest.
- One tidy repositoryEach Ethira workspace links to a single Wordsmith repository, and the connection status is always shown so you know it's working.
Set it all up under Settings → Wordsmith.
DPIA & TPIA templates
Run formal privacy and transfer assessments — DPIAs, TPIAs, and risk assessment reports — from reusable templates you control, under My Organization → Assessments.
Build templates your way
Create a new template by adopting an Ethira baseline, starting blank, or uploading a Word document that Ethira turns into structured sections. In the editor, give each section guidance text, mark which are required, and reorder by dragging. Publish when ready — one approved version stays active at a time. Built-in defaults are read-only, so just duplicate one to make it yours.
Keep your legal voice in AI drafts
Each section can carry an AI hint — guidance the Agent follows when drafting that part of a filled assessment. Use it to enforce your firm's wording, require specific citations, or handle jurisdiction-specific language, so AI-drafted assessments still read the way your team writes. Completed assessments gather under Filled Assessments for review.
Get help & what's next
The Agent is the quickest path through most of this privacy and legal work — it knows your register and can act on your behalf. A few prompts that fit:
You're set to keep things tidy
Keep your records defensible, your contract reviews quick, and your assessments consistent — and let Ethira handle the paperwork in between.