Help Center
News
Help Center
News
Sign in
Document
Documents & PoliciesQuestionnairesControls & Technical and Organizational Measures (TOMs)Report ExplorerAsset RegisterFrameworksRecord of Processing Activities (ROPA)Exporting your ROPAVendorsImpact Assessments (IA)Legitimate Interest DocumentationsMeetings & ActivitiesRetentions & Deletions PeriodsData Collection Point (DCP)Add documents to vendors
DPIA
Assessments
ROPA
Assets
International Standards & Frameworks
TOMs & Controls
Categories & Attributes
Data Collection Points
Legal Basis
Legitimate Interest
Documents & Policies
Retention & Deletion
Data Flow
Vendors
Questionnaires
Manage
Process Risk OverviewData Flow Map
Dashboards
AI Assistance & Automation
Projects
Tasks
Meetings & Activities
Workflows & Automations
Reporting
React & Resolve
TasksProjectsIncidents & BreachesData Subject Requests
Risk Scenarios & Treatments
Incidents & Breaches
Release Notes
Q2 2026
Q1 2026
Q4 2025
Q3 2025
Q2 2025
Q1 2025
Q4 2024
Q3 2024
Q2 2024
Q1 2024
Q4 2023
Q3 2023
Q2 2023
Q1 2023
Q4 2022
Q3 2022
Getting Started
Quickstart GuideQuestionnairesTasksProcess Risk OverviewIT SettingsFrameworksThe Information Security / Asset Risk ModelData Subject RequestsDownloading an elementLegitimate Interest DocumentationsAssigning Audiences to ElementsDocuments & PoliciesControls & Technical and Organizational Measures (TOMs)General SettingsCreating attributes that fit your industryDocument list for onboardingThe Data Protection Risk ModelIncidents & BreachesProjectsManaging audiencesAdd documents to vendorsHow to answer an assessment/questionnaireSetting up the first organization or companyData Collection Point (DCP)Use AI to create elementsSetting Risk models in General SettingsSharing ElementsHow can a user change the language?Data Flow MapRecord of Processing Activities (ROPA)Time MachineCreate and evaluate assessments Company Widget FeatureAsset RegisterVendorsImpact Assessments (IA)Creating organizational unitsExporting your ROPAMeetings & ActivitiesTerms for legitimate processingRetentions & Deletions PeriodsHow to create a new user and how to change the password for loginReport ExplorerMaturity modelAdding risk scenarios to assets or asset groupsRelevant Risk SzenariosPriverion GRC Platform overviewDocument list for onboardingHow can a user change the language?Setting up the first organization or companyCreating attributes that fit your industry
User account
Sharing & Group functions
Features
How-To Guides & Tips
Get Help
Legal
Settings
General Settings
Compliance settings
Identity and access management
IT Settings
Risk Settings

Tasks

The Tasks screen is your central hub for creating, tracking, and closing every compliance action item in DPMS — whether it emerged from a risk assessment, a vendor review, an audit finding, or a policy gap — giving compliance officers, DPOs, IT admins, and risk managers a single, auditable place to manage work from start to finish.

Tasks are the connective tissue of your compliance programme. When a risk assessment uncovers a gap, when a DPIA flags a remediation action, or when an audit produces a list of corrective measures, those obligations need to live somewhere structured — with an owner, a deadline, a priority, and a clear status. The Tasks screen provides exactly that. It is not just a to-do list: every change you make is logged, every task can be traced back to the risk or asset it addresses, and the full history is available to auditors at any time. Compliance officers and DPOs use it daily to move work forward; IT admins and risk managers use it to confirm that identified gaps are actively being resolved; auditors use it to gather evidence that remediation is happening.

How to open it

Click Tasks in the main left-hand sidebar. One click lands you on the task list at /tasks. No sub-menus are required. The menu item is only visible if you have at least read access to tasks. If you navigate directly to the URL without the necessary permission, DPMS redirects you to an access-denied page.

Heads up: There are two levels of read access. Broad read access lets you see all tasks in the system. Restricted read access lets you see only tasks where you are the assigned responsible person. Your administrator controls which level you have.

What you see

The index page has two main areas. At the top, a row of tabs — All, Active, Draft, Inactive, and Review — filters the table below by lifecycle status. DPMS remembers whichever tab you last visited, so returning to the Tasks screen always puts you back where you left off. Below the tabs is the task table, which lists every task you have access to, with columns for name, priority, type, responsible persons, status, deadline, and estimated effort. In the top-right corner of the table area sit the Create button and the action bar containing export and delete controls.

When you open a specific task, the layout shifts to a two-panel view. On the left is the Element Menu — a collapsible vertical navigation panel with tabs for every section of the task record: General, Logs, RASCI, Linked Elements, Documents, Assessments, and Workflows. On the right is the task's content, starting with a sticky header that always shows the task name, the responsible person picker, the status dropdown, and the priority selector regardless of which tab you are reading. A small clock icon floats in the top-right corner of the content area; clicking it opens the Activity Log.

Working with this screen

Creating a new task from scratch

When a gap is identified — say, a risk assessment flags that backup storage is not encrypted — the compliance officer opens the Tasks screen and clicks the Create button at the top-right. A small dropdown appears; select Create Task. The task creation form opens.

Start by giving the task a clear, descriptive name in the Name field, such as "Encrypt backup storage." Then use the sticky header at the top of the form to set three key properties straight away: assign a Responsible Person by typing a colleague's name into the picker, choose a Status (set it to Active if work should begin immediately, or Draft if it is still being planned), and pick a Priority — Low, Medium, or High.

In the form body, select the relevant Organisational Unit, choose a Type tag to classify the task, set a Deadline using the date picker, and enter an Estimated Effort in the format 2d or 1w 3h (see the Field Reference section below for the exact rules). Add a detailed Description in the rich-text area so that whoever picks up the task has full context.

Once you are satisfied, click Save. DPMS creates the task record and takes you directly to the new task's detail view, where you can immediately add linked elements, documents, or RASCI assignments.

Tip: If you have a batch of tasks to load — for example, after importing findings from an external audit tool — use the Import option inside the Create dropdown. Select a JSON file previously exported from DPMS and the system will create all tasks in one operation. The Import option is only visible if your account has the import permission.

Reviewing and updating an existing task

Open the task list, use the status tabs to focus on the relevant lifecycle stage (for example, click Active to see all in-progress tasks), and click a task name to open its detail view.

Once inside the detail view, the sticky header lets you make the most common changes without ever entering the edit form. Click the Status dropdown to move the task along its lifecycle — from Draft to Active when work begins, from Active to Review when it is ready for sign-off, or to Inactive when it is complete. Click the Priority selector to escalate or de-escalate urgency. Click the Responsible Person picker to reassign the task to a different colleague. All three of these actions save immediately — there is no separate Save button in the sticky header.

For deeper changes — updating the name, deadline, type, workload, or linked elements — click the Edit button inside the relevant tab. This opens the full edit form pre-populated with the current data. Make your changes and click Save to apply them.

The General tab also lets you update the task's description inline: click directly on the description text, make your edits in the rich-text editor that appears, and click the save button inside the editor. This is the quickest way to add a note or clarification without going through the full edit form.

Heads up: Status and priority changes in the sticky header take effect instantly and cannot be undone with a cancel button. If you change a status by accident, simply change it back — but be aware that both changes will appear in the Activity Log.

Navigating multiple tasks in sequence

When you need to review a batch of tasks — for example, checking every active task assigned to a colleague who is leaving the organisation — you do not need to return to the task list between each one. Use the and arrow buttons next to the task name in the breadcrumb to step through the previous and next records in your currently filtered list.

The arrows respect whatever filter tab and search criteria you had active when you opened the first task. So if you filtered to Active tasks first and then opened one, the arrows will cycle through only Active tasks. If no previous record exists, the left arrow is greyed out; if no next record exists, the right arrow is greyed out.

Reviewing linked objects and documents

A task does not exist in isolation — it typically addresses a specific risk, asset, vendor, or processing activity. Click the Linked Elements tab in the Element Menu to see a table of every DPMS object connected to this task.

Each row in the linked elements table shows the object's name and type. Click a row to navigate directly to that object's own detail view — for example, the specific risk record that generated this task. Use this when you need to understand the full context of what the task is meant to address, or when you want to verify that a remediation action is properly connected to the original finding.

The Documents tab works the same way: it lists any policies or procedure documents linked to this task. The Assessments tab lists connected DPIAs or other assessments. In the detail view, these tabs are read-only — to add new links, click Edit on the relevant tab to open the edit form.

Tip: Linking tasks to risks, assets, and assessments is what turns the Tasks screen from a to-do list into an audit trail. Auditors reviewing your compliance programme will look here to confirm that every identified gap has a traceable remediation action.

Checking the activity log for audit evidence

At any time, click the clock icon in the top-right corner of the task detail view to open the Activity Log drawer.

The drawer slides in from the right and shows a chronological list of every change ever made to this task: field edits, status transitions, priority changes, and responsible person reassignments. Each entry shows who made the change and when. This is your primary source of audit evidence for a specific task. When an auditor asks "who approved this remediation action and when?", the Activity Log gives you a timestamped answer.

Close the drawer by clicking outside it or using the close button; it does not affect any task data.

Reviewing RASCI assignments

Click the RASCI tab to see who holds each responsibility role for this task: who is Responsible (doing the work), Accountable (ultimately answerable), Supporting (assisting), Consulted (providing input), or Informed (kept in the loop). This view is read-only in the detail page. To modify RASCI assignments, click the Edit button within the RASCI tab, which opens the edit form on the RASCI section.

Exporting tasks for reports

On the task index page, apply any filters you need (for example, click Active and then filter by a specific responsible person using the search bar). Then click XLSX in the action bar to download a spreadsheet of the filtered tasks, ready to include in a monthly compliance report or a board presentation. If you need machine-readable data for another tool, click JSON instead.

Checking workflow status

If your organisation uses approval workflows on tasks, click the Workflows tab in the Element Menu. The Overview sub-tab shows all workflow instances associated with this task and their current state. The Required Action sub-tab shows the specific step that is waiting for your response — useful when you have been notified that a workflow step needs your attention.

Field reference

Field

What it's for

Format / options

Required?

Name

The task's title, shown in the list and detail view

Free text, multi-language

Yes

Organisational Unit

Which part of the organisation owns this task

Dropdown from org chart

Recommended

Type

A classification tag for the task category

Tag selection from compliance settings

Optional

Deadline

The date by which the task must be completed

Date picker

Optional but strongly recommended

Start Date

When work on the task is expected to begin

Date picker

Optional

Estimated Effort

How long the task is expected to take

Format: Xw Xd Xh Xm — e.g. 1w 2d 3h 30m. Any non-blank value must match this pattern exactly. Leave blank if unknown.

Optional

Description

Detailed context and instructions

Rich-text editor

Optional but recommended

Responsible Person

Who is accountable for completing the task

Person picker (one or more colleagues)

Recommended

Status

Current lifecycle stage

Draft / Active / Review / Inactive, plus any custom statuses configured by your administrator

Required (defaults to Draft)

Priority

Urgency level

Low / Medium / High

Optional

How this connects to the rest of DPMS

Tasks are one of DPMS's cross-cutting objects, meaning they are referenced from almost every other module. You can open a task from the linked tasks table on an asset, vendor, risk, or processing activity (RoPA) detail page. Assessments and meetings can generate tasks that redirect you here. Workflow steps can deep-link directly to the Workflows sub-tab on a specific task.

From a task, you navigate outward: the Linked Elements tab takes you to risks, assets, or vendors; the Documents tab takes you to policy documents; the Assessments tab takes you to DPIAs. The breadcrumb Tasks link always returns you to the index.

Two settings areas affect what you see on the Tasks screen. Compliance Settings → Status Tags controls whether custom task statuses appear in the status dropdown alongside the four standard ones. Workflow Settings controls whether the Workflows tab has any available templates to trigger — without configured workflows, the tab shows an empty state.

After finishing work on a specific task, the natural next steps are: confirm that all linked elements are correct on the Linked Elements tab, verify that the relevant policy documents are attached on the Documents tab, and check the RASCI tab to ensure accountability is clearly assigned before moving the status to Review.

Tips & common pitfalls

Tip: Filter to a specific status tab before exporting. The XLSX and JSON export buttons only export what is currently shown in the filtered table. If you are on the All tab with no additional filters, you will export every task visible to you — which may be more than you intended.
Heads up: The Estimated Effort field has a strict format. Any non-blank entry must follow Xw Xd Xh Xm — for example, 2d or 1w 3h are both valid, but typing 3 days or 48h 0m in an unexpected pattern may trigger a validation error. Leave the field empty if you have no estimate.
  • The Element Menu state is global, not per-screen. The open or collapsed state of the left-hand navigation panel is saved in your browser and applies to all detail views in DPMS — tasks, risks, vendors, and more. If you collapse it on a task, it will be collapsed when you open a risk next.
  • Linked Elements, Documents, and Assessments cannot be edited in the detail view. These tabs are read-only when viewing a task. To add or remove links, click Edit on the relevant tab to open the full edit form.
  • The prev/next arrows follow your filter, not the full list. If you opened a task from a filtered view (e.g., tasks assigned to a specific person), the arrows cycle through only that filtered set — not all tasks. If a filter changes while you are in the detail view, the adjacent records may shift.
  • Custom statuses only appear if your administrator has set them up. If you expect to see organisation-specific statuses (beyond Draft, Active, Review, Inactive) and they are not appearing, ask your compliance settings administrator to configure them under Status Tags.
  • Bulk deletion is permanent. Selecting multiple rows and clicking Delete in the action bar removes those tasks immediately after confirmation. There is no recycle bin or undo. Make sure you have selected only the tasks you genuinely want to remove.

Glossary

RASCI — A responsibility matrix using five roles: Responsible (does the work), Accountable (ultimately answerable), Support (assists), Consulted (provides input), and Informed (kept in the loop).

Estimated Effort / Workload — The time expected to complete the task, expressed as Xw Xd Xh Xm (weeks, days, hours, minutes, based on an 8-hour day and 5-day week). Stored internally in minutes.

Activity Log / Change Log — A timestamped record of every change to a task, including who made it and when. Accessed via the clock icon in the task detail view.

Linked Elements — Other DPMS objects (assets, risks, vendors, processing activities, etc.) explicitly associated with this task to provide traceability between findings and remediation actions.

Workflow — A configured approval or review process that can be triggered on a task. Each step becomes a Required Action for a designated reviewer. Workflow templates are configured separately in Workflow Settings.

Was this article helpful?

English
Powered by Product Fruits