(“The Fort Privacy Framework” or “GDPR Compliance Framework”)


A few months ago a friend of ours who is doing a doctorate in the area of Data Protection – and yes, there is such a thing and yes his area of research is very interesting – came across an academic paper analysing maturity model framework methodologies for GDPR Compliance (DATA PROTECTION MATURITY: AN ANALYSIS OF METHODOLOGICAL TOOLS AND FRAMEWORKS by Tamás Laposa and Gáspár Frivaldszky).

We were pretty pleased to find that they had included the Fort Privacy Framework. However, we were a bit dismayed to find that the authors identified gaps in our framework – pretty basic gaps also. And gaps which actually don’t exist – the problem was they couldn’t find the information to verify that the Fort Privacy Framework actually addressed the specific topics. In the absence of evidence, they assumed it didn’t.

We know, because we have tested it, that our Framework maps to the GDPR and covers everything that an organisation needs to address for compliance. It was one of the basic requirements we set out for the Framework on day one.

What we haven’t done before now is set this out in detail and make it all publicly available.

After a lot of very hard work, we finally have our own Framework whitepaper.

This is not an academic whitepaper because we wanted to document something that any business who is using the Fort Privacy Framework or wants to use the framework can pick-up and use. We see this as our first release of a Framework that will be maintained and updated regularly.

After all, our understanding of GDPR is maturing, our GDPR compliance activities aren’t static and most importantly we are learning from doing. Everything we learn from working with our own clients day-in day-out on Framework implementation gets reflected back into our Framework in some shape. That may be new templates or updates to existing templates, new GDPR audit questions or improving our GDPR audit methodology. In the next few years we expect to figure out how our Framework will support organisations who are on a GDPR Certification journey (we are confident it will be a terrific help).

The Fort Privacy Maturity Model Framework was a (hard) labour of love to start with but as we realised just how powerful the Framework really is it inveigled its way into every aspect of our business – now we simply could not deliver without it.

We hope you try it out. With or without our support it will help you in your GDPR compliance journey. Just remember to give us the credit.

The Fort Privacy Maturity Model Framework – Not just a pretty picture!

With special thanks to Amy, Daniel and Gemma who not only contributed to this paper, but who contribute to maturing the Framework every day


The Fort Privacy GDPR Compliance Framework

We always say that “compliance is a journey and not a destination”. Think of the Fort Privacy Framework as the map that brings you along that journey.

Fort Privacy processes your personal data in order to respond to your query and provide you with information about our products and services. Please see our Data Protection Statement for further information

Ode to DPO’s managing GDPR risk

27 June 2023

The General Data Protection Regulation is “risk” based legislation.  This means that the protective measures an organisation implements should correspond to the level of risk associated with their data processing activities.  It’s worth noting that the risk that should be considered here, is the risk to the data subject as opposed to risk to the business of non-compliance.

Get your head above the crowd and KPI your Data Protection Programme

03 March 2023

Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none and all.

Scroll to top