Maturity Model Frameworks are all the rage!

Guess what, it turns out that the Supervisory Authorities think a Maturity Model approach for GDPR Compliance is a good idea. The latest publication comes from the French Supervisory Authority, CNIL, which has published a “data protection management maturity model.”

CNIL’s model “transposes the maturity levels defined in international standards [based on the CMM] to data protection management” and “allows organizations to assess their own level of maturity and determine how to improve their management of data protection.”

Hello CNIL, Fort Privacy is 100% behind you – and even a few years ahead of you.

Here at Fort Privacy, we are great fans of the Maturity Model approach; it is a foundational principle in our Framework. Like CNIL, we took the inspiration for our Maturity Model from the CMM – some of us came from an engineering background where CMM was king! We changed some of the terminology to better fit non-engineering environments, but we didn’t change any of the underlying concepts.

The big difference is we have been using our Maturity Model Framework day-in and day-out for the past few years. It has had some serious road-testing at this stage and in truth it has transformed how we deliver our services for our customers – and more importantly how our customers get to grips with their GDPR compliance.

Our story of how we came to develop our Maturity Model Framework is a simple one. We needed it.

We were having difficulty delivering compliance programmes with our customers because we were trying to get them to run before they were able to walk. A compliance programme is a journey, not a destination, and we figured out early on that a maturity model approach would help us evaluate where our customers are in their own compliance journey and so understand what help would be most appropriate. The result has been much happier customers!

The Maturity Model Framework also sits very well with the risk-based approach to data protection. A customer processing low risk data probably doesn’t need to be at level 5 maturity across their entire compliance programme and can choose the appropriate level based on the relative risks in the processing activity.

So, CNIL, we are very happy to see you publish your Maturity Model. We think it’s a case of “Great Minds Think Alike” (or “Les Grands Esprits Se Rencontrent” even)!

The Fort Privacy Maturity Model Framework documents 5 levels of maturity [Ad hoc / Established / Implemented / Measured and Optimised] across 10 categories of Data Protection Compliance. It’s fully mapped to the GDPR and backed up in practice by a complete 1,500-question compliance audit and a full suite of process, policy, legal and transparency templates that enable Fort Privacy to deliver this very powerful compliance tool to our clients.
It’s CNIL on steroids!


Introducing the Fort Privacy Maturity Model Framework

Find out more about the Fort Privacy Maturity Model Framework and how it can help your business with your compliance needs.
