CNIL’s model “transposes the maturity levels defined in international standards [based on the CMM] to data protection management” and “allows organizations to assess their own level of maturity and determine how to improve their management of data protection.”
Hello CNIL, Fort Privacy is 100% behind you – and even a few years ahead of you.
Here at Fort Privacy, we are great fans of the Maturity Model approach; it is a foundational principle in our Framework. Like CNIL, we took the inspiration for our Maturity Model from the CMM – some of us came from an engineering background where CMM was king! We changed some of the terminology to better fit non-engineering environments, but we didn’t change any of the underlying concepts.
The big difference is we have been using our Maturity Model Framework day-in and day-out for the past few years. It has had some serious road-testing at this stage and in truth it has transformed how we deliver our services for our customers – and more importantly how our customers get to grips with their GDPR compliance.
Our story of how we came to develop our Maturity Model Framework is a simple one. We needed it.
We were having difficulty delivering compliance programmes with our customers because we were trying to get them to run before they were able to walk. A compliance programme is a journey, not a destination, and we figured out early on that a maturity model approach would help us to evaluate where our customers are in their own compliance journey in order to understand what help would be most appropriate. The result has been much happier customers!
The Maturity Model Framework also sits very well with the risk-based approach to data protection. A customer processing low risk data probably doesn’t need to be at level 5 maturity across their entire compliance programme and can choose the appropriate level based on the relative risks in the processing activity.
So, CNIL, we are very happy to see you publish your Maturity Model. We think it’s a case of “Great Minds Think Alike” (or “Les Grands Esprits Se Rencontrent” even)!
The Fort Privacy Maturity Model Framework documents 5 levels of maturity [Ad hoc / Established / Implemented / Measured and Optimised] across 10 categories of Data Protection Compliance. It’s fully mapped to the GDPR and backed up in practice by a complete 1,500-question compliance audit and a full suite of process, policy, legal and transparency templates that enable Fort Privacy to deliver this very powerful compliance tool to our clients.
It’s CNIL on steroids!
Marie Murphy
Marie's interest is in data protection operations focusing on people and process to manage personal data processing risk in large and small organisations with a special interest in privacy by design.