Configurable Status & Taxonomy Management
Fixed status lists push your team into free-text drift
Your privacy and security programme does not run on someone else's labels. A ROPA moves through drafted → under legal review → approved; an incident through triaged → contained → closed. When a tool forces a fixed status list, teams improvise in free-text fields and the register stops being a reliable system of record.
The drift compounds across record types. One team's "open" is another's "in progress"; vendor categories diverge from how procurement actually classifies suppliers. Reports become uncomparable and reviews slow down.
It gets worse on import. Migrating records from a spreadsheet or a prior system means statuses arrive in a vocabulary your tooling does not recognise — and someone re-keys them by hand.
What you can do with configurable status & taxonomy
- Define custom statuses per record type — ROPA, vendor, task, DPIA, incident, DSAR, asset, assessment and more.
- Keep default statuses locked from edit so core workflow stages stay intact.
- Add, rename and order your own statuses to mirror your real process stages.
- Run bulk status deletions in the background so the team keeps working while large clean-ups finish.
- Map incoming statuses on import so migrated records match your configured taxonomy.
- Maintain category lists per company — purposes, special categories, document types, vendor types.
What it delivers to your program
- Reports stay comparable because every team works from the same agreed statuses and categories — fewer reconciliation reviews before a board update.
- Migrations land clean as imported records map to your taxonomy automatically, cutting manual re-keying and post-import cleanup.
- Workflow integrity holds because default stages cannot be edited away — you extend the process without breaking what it relies on.
- Large clean-ups do not stall the team since bulk status changes run as background jobs instead of blocking the screen.
Built for compliance
This documents and helps you evidence consistent records management — it supports the obligations behind it; it does not by itself make you compliant.
| What DPMS does | Maps to | How |
|---|---|---|
| Maintains structured, consistent processing records across the register | GDPR Art. 30(1) | Configurable statuses and category taxonomies applied per record type |
| Keeps a defined, controlled set of record classifications | ISO 27001:2022 Annex A 5.12 (classification of information) | Default statuses locked; custom statuses and tag taxonomies managed per company |
| Preserves consistent record states when data moves between systems | ISO 27001:2022 Annex A 8.32 (change management) | Automatic status mapping during data import; bulk changes run as controlled background jobs |
Why Priverion
Unlike general-purpose GRC tools that hang every record off one shared status list, DPMS gives each record type its own configurable status collection — so a vendor's lifecycle and a DSAR's lifecycle never have to share vocabulary. Default statuses stay locked to protect workflow integrity while your custom ones extend it. And because this configuration lives inside one unified privacy and InfoSec platform, the same statuses and taxonomies flow through ROPA, DPIA, risk and vendor records without re-keying.
Questions DPOs ask before a demo
Can I customise statuses for every record type, or just some?
Can I edit or remove the built-in default statuses?
What happens to statuses when I import data from another system?
Are categories shared across companies, or set per company?
Explore related capabilities
Ready to fit DPMS to your process?
