Authenticate with an OAuth 2.0 client-credentials token scoped to DataMapping.Read in OneTrust Global Settings.
Retrieve the list of processing activities via GET https://{hostname}/api/datamapping/v1/processing-activities; paginate using the page and size query parameters until all activities are fetched.
For each processing activity, fetch its detail including data elements, legal basis, recipients, and retention periods via GET https://{hostname}/api/datamapping/v1/processing-activities/{activityId}.
Enrich the activity detail with associated assets by calling GET https://{hostname}/api/datamapping/v1/assets?processingActivityId={activityId} to retrieve the systems and databases involved.
Flatten the nested JSON into a tabular structure with columns: activity name, controller, processor (if applicable), purpose, legal basis, data categories, data subjects, recipients, cross-border transfer safeguards, and retention period.
Export the tabular RoPA as a CSV or structured JSON and store it in a version-controlled location; GDPR Art. 30 requires the record to be maintained in writing (including electronic form) and made available to supervisory authorities on request.
Known gotchas
The OneTrust data mapping API uses REST pagination; requests without explicit page parameters may return only the first page of activities, silently omitting records — always loop until the response indicates no further pages.
Processing activities in draft or archived status are included in the list by default; filter to only PUBLISHED activities for the authoritative RoPA unless you specifically need to audit drafts.
GDPR Art. 30(5) exempts organizations with fewer than 250 employees from the RoPA requirement only if processing is not likely to result in a risk to data-subject rights — in practice, most DPAs recommend maintaining a RoPA regardless of size.
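The pagination loop, PUBLISHED filter and flattening step described above, as an added Python example that is not OneTrust's or this page's own code. The response keys (`content`, `page.totalPages`, `status`, `id` and the detail field names in `FIELDS`) are assumptions, and `get_page` / `get_detail` stand in for the list and detail GET calls so the example runs offline on constructed data.

```python
import csv
import io

# RoPA column -> JSON key in the activity detail (key names are assumptions).
FIELDS = {
    "activity name": "name", "controller": "controller", "processor": "processor",
    "purpose": "purpose", "legal basis": "legalBasis",
    "data categories": "dataCategories", "data subjects": "dataSubjects",
    "recipients": "recipients", "cross-border transfer safeguards": "transferSafeguards",
    "retention period": "retentionPeriod",
}

def fetch_all(get_page, size=2):
    """Call get_page(page, size) until the response indicates no further pages."""
    items, page = [], 0
    while True:
        body = get_page(page, size)
        items.extend(body.get("content", []))
        total = body.get("page", {}).get("totalPages")  # assumed response field
        page += 1
        if not body.get("content") or (total is not None and page >= total):
            return items

def flatten(detail):
    """One activity detail -> one flat row; lists are joined, gaps left empty."""
    values = ((col, detail.get(key) or "") for col, key in FIELDS.items())
    return {col: "; ".join(v) if isinstance(v, list) else str(v) for col, v in values}

def build_ropa_csv(get_page, get_detail):
    """Paginate, keep PUBLISHED activities ("status" key assumed), render CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(FIELDS), lineterminator="\n")
    writer.writeheader()
    published = [s for s in fetch_all(get_page) if s.get("status") == "PUBLISHED"]
    writer.writerows(flatten(get_detail(s["id"])) for s in published)
    return out.getvalue()

# Constructed sample data standing in for the HTTP responses.
SUMMARIES = [{"id": "a1", "status": "PUBLISHED"}, {"id": "a2", "status": "DRAFT"},
             {"id": "a3", "status": "PUBLISHED"}]
DETAILS = {"a1": {"name": "Payroll", "controller": "Example Ltd", "legalBasis": "Contract",
                  "dataCategories": ["Bank details", "Salary"], "retentionPeriod": "7 years"},
           "a3": {"name": "Newsletter", "controller": "Example Ltd", "legalBasis": "Consent"}}

def sample_page(page, size):
    chunk = SUMMARIES[page * size:(page + 1) * size]
    return {"content": chunk, "page": {"totalPages": -(-len(SUMMARIES) // size)}}

if __name__ == "__main__":
    print(build_ropa_csv(sample_page, DETAILS.get))
```

Comparing the number of rows written against the number of PUBLISHED summaries fetched is a quick check that no page was dropped before the file is committed.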