ethira
Features
AboutBlogSign inBook a demo
Legal, privacy & DPO
Records & privacy
Where to startYour RoPA registerPrivacy building blocks
Contracts & documents
Vendor contract reviewDocuments in one placeAI legal review
Assessments
DPIA & TPIA templatesGet help & what's next
Book a demoStuck? Ask the Agent anytime.
Processing activityLegal basisData subjectDPA reviewRetentionProcessorInternational transfer
Legal, privacy & DPO guide

Keep your records straight
and your reviews fast,
without the paperwork

A practical guide for legal counsel, privacy officers, and DPOs. Maintain your RoPA, review vendor contracts against the rules that matter, and run formal assessments — all in one place.

For legal, privacy & DPO teams  ·  Builds on the platform basics  ·  ~15 minutes to read

RoPA register

Maintain Article 30 records with less manual entry.

Contract review

Check vendor contracts against GDPR, DORA & more.

AI legal review

Route DPAs and policies straight into Wordsmith.

Assessments

Run DPIAs and TPIAs from reusable templates.

This guide is for the people who keep the organization's records defensible and its contracts sound — maintaining the RoPA, reviewing what vendors send, and producing the assessments regulators expect.

Read it in any order, and lean on the Ethira Agent whenever you'd rather describe what you need than click through to it.

New to Ethira? Start with the platform basics — signing in, navigation, the dashboard, and the Agent — then come back here. For vendor onboarding and third-party risk, the procurement & TPRM guide goes deeper.

Records & privacy

Your RoPA register

Your Record of Processing Activities lives under Processing Activities. Each row is an Article 30-style record capturing what data you process, why, the legal basis, who receives it, how long you keep it, and which vendors are involved.

Work the register

  1. Open Processing Activities to browse your records.
  2. Click any row to open it and edit fields, categories, processors, and retention in place.
  3. Select Add to create a new activity.

Make the table speak your language

Use Columns to show, hide, and reorder what you see — and rename built-in labels workspace-wide if your team says Lawful Basis where the default says Legal Basis. Your wording shows everywhere in the app, while exports and audit logs keep the standard GDPR field names, so nothing breaks behind the scenes. Need to capture something extra? Add your own custom fields and they'll appear right on each record.

Link the vendors and set retention

Attach onboarded vendors as processors on an activity so the relationship is documented, and set a retention period per activity — "24 months from last activity," for example. During vendor onboarding, Ethira can even read a DPA and pull the relevant data categories into the record for you to review.

Skip the clicks entirely. The Agent handles RoPA work in plain language — "Create a processing activity called Marketing analytics with legal basis consent," or "Set retention to 24 months for the support activity." Every change is captured in the activity log.

Records & privacy

Privacy building blocks

Define the reusable pieces once, and every record draws from the same consistent vocabulary. Manage them from the Configurations menu on Processing Activities.

  • Processing purposesThe reasons you process data.
  • Data subject categoriesWhose data it is — employees, customers, and so on.
  • Personal data categoriesWhat kind of data — contact, financial, health.
  • Recipient categoriesWho the data is shared with.
  • Security measuresThe technical and organizational measures you rely on.
  • International transfersWhere data crosses borders, linked per activity.

Add or edit any of these on their page — or just ask the Agent, for example "Add a personal data category called IP address."

Contracts & documents

Vendor contract review

Stop reading every clause by hand. Ethira checks an uploaded vendor contract against your requirements and tells you where the gaps are.

  1. Open a vendor's profile and go to Contract Analysis.
  2. Select Manage requirements to set the checklist you want to test against.
  3. Run the analysis — Ethira reviews each contract against every requirement and returns findings you can work through row by row.

A requirements library that's ready to go

Start from pre-built requirement sets and adopt only what applies to you:

  • GDPRCore data protection obligations.
  • DORAEU digital operational resilience.
  • EU AI ActFor vendors with AI in the loop.
  • NIS2 & EBA ICTNetwork security and ICT guidelines.
  • MDR / IVDRMedical and in-vitro device rules.
  • Your ownAdd custom requirements unique to your firm.

When a requirement simply doesn't apply to a given contract, mark that finding not applicable with a short rationale — and that disposition is kept on the record for audit.

Contracts & documents

Documents in one place

Contracts, DPAs, policies, and terms of service all live together — searchable across the workspace, or organized per vendor in each relationship's Documents section. Upload files directly, or paste a public trust or policy page and Ethira fetches and stores the content for you. If a page is gated or empty, it tells you plainly so you can upload the file yourself instead.

Know a document's state at a glance

Every document carries a status, so you always know what you're looking at:

Activeaccepted in the registerSignedexecutedExpiredpast its dateAI Suggestedfound during onboarding — accept or reject
Contracts & documents

AI legal review

If your team uses Wordsmith for AI-assisted legal review, Ethira connects to it so DPAs and policies flow straight into your review process.

  • Send a DPA for reviewReview any DPA in Wordsmith with one click during onboarding — or have Ethira send DPAs automatically the moment they're captured.
  • Sync your documentsKeep your DPAs and public policies mirrored into your Wordsmith repository so legal always has the latest.
  • One tidy repositoryEach Ethira workspace links to a single Wordsmith repository, and the connection status is always shown so you know it's working.

Set it all up under Settings → Wordsmith.

Assessments

DPIA & TPIA templates

Run formal privacy and transfer assessments — DPIAs, TPIAs, and risk assessment reports — from reusable templates you control, under My Organization → Assessments.

Build templates your way

Create a new template by adopting an Ethira baseline, starting blank, or uploading a Word document that Ethira turns into structured sections. In the editor, give each section guidance text, mark which are required, and reorder by dragging. Publish when ready — one approved version stays active at a time. Built-in defaults are read-only, so just duplicate one to make it yours.

Keep your legal voice in AI drafts

Each section can carry an AI hint — guidance the Agent follows when drafting that part of a filled assessment. Use it to enforce your firm's wording, require specific citations, or handle jurisdiction-specific language, so AI-drafted assessments still read the way your team writes. Completed assessments gather under Filled Assessments for review.

Assessments

Get help & what's next

The Agent is the quickest path through most of this privacy and legal work — it knows your register and can act on your behalf. A few prompts that fit:

List processing activities that share data outside the EEASummarize the DPA retention clause for Acme CorpAttach the Payroll vendor as a processor on Employee managementSet retention to 24 months on Customer onboardingAdd a personal data category called IP address

You're set to keep things tidy

Keep your records defensible, your contract reviews quick, and your assessments consistent — and let Ethira handle the paperwork in between.

Book a demoBack to top ↑
ethira

Govern every asset. Automatically.

Platform

  • Features
  • Guides
  • AI Governance

Use Cases

  • Shadow AI Discovery
  • AI Agent Governance
  • Third-Party Risk (TPRM)
  • ICT Risk Management
  • DORA RoI Reporting

Company

  • About
  • Blog
  • FAQ
  • Brand
  • Privacy Policy
  • Terms of Service
  • Subprocessors
  • Contact

© 2026 Ethira AB · Luntmakargatan 26, 111 37 Stockholm, Sweden

Privacy PolicyTerms of ServiceSubprocessors