GDPR Art. 30 RoPA automation: what metadata fields do you actually pull from your data pipeline vs. manually cataloging?
We're updating our Records of Processing Activities (Art. 30) and debating how much to automate vs. keep manual. The temptation is to wire up pipeline metadata extraction — table names, column classifications, retention policies from our data catalog (we use OpenMetadata). But the legal team says RoPA requires more than technical metadata: lawful basis, DPO assignment, retention justification, cross-border transfer mechanism, etc.

Questions for teams who've built or semi-automated this:

1. What fields do you pull directly from data catalogs/pipelines (data types, storage location, encryption status)?
2. What fields require legal input that no tool can infer (lawful basis under Art. 6, legitimate interest assessments)?
3. Did you build a mapping layer between technical metadata and legal requirements, or keep them as parallel documents?
4. How do you handle the "categories of data subjects" field — do you derive this from data schemas or maintain a separate registry?

We're a ~200 person company processing EU citizen data across 3 jurisdictions. Currently doing RoPA in spreadsheets, which is painful to keep current. Any architecture diagrams or tool recommendations (open source preferred) would be helpful.