Buried in the GDPR is a quiet obligation that catches small businesses off guard: Article 30 requires you to keep a record of your processing activities — what personal data you handle, why, where it goes, how long you keep it. Most freelancers and small studios meet it with a spreadsheet copied from a template, filled in once, and never touched again. Which means that the moment it's needed — a client's data request, an audit, a dispute — it's already out of date. Hub now writes that register for you, and keeps it current.
A record of processing activities is genuinely useful — it's the map of where personal data lives in your business. The problem is that maintaining it by hand is a chore nobody does, because the map changes every time you add a tool, take on a client, or turn on a feature, and the document doesn't change with it. A stale register is arguably worse than none: it tells a regulator you understood the obligation and then stopped meeting it.
Instead of asking you to describe your business in a questionnaire, Hub reads it. The register is computed from the modules you've switched on and the data each one touches — your client book, your invoices, your intake forms, your consent records. If a module handles personal data, it shows up in the register with its purpose, its categories of data, and its retention. The document stops being something you author and becomes something the system observes about itself.
Because the register is a projection of your live configuration, it can't drift. Turn a module off and its entry leaves the record. Turn one on and its processing appears, already described. There's no "remember to update the compliance doc" step, because there's no doc to remember — there's a view that always reflects the present. When you need to hand it to someone, it's the truth as of this morning, not as of the afternoon you first set it up.
The best compliance document is the one you never have to remember to update — because the software that does the processing is also the software that keeps the record.
It lives in Hub's Comply set, alongside the verifiable consent, retention, and deletion tooling — and like the rest of that family, the actions behind it leave receipts you can prove. Article 30 is one of those obligations that feels like paperwork until the day it's evidence. We'd rather it be ready before that day than scrambled together after it.