A menu of privacy management activities (technical and organisational measures)

Privacy Management Uses

Organizations have found the Framework to be helpful when:


Structuring the Privacy Program

Structure your privacy program based on the 13 “Privacy Management Categories”. This process-based approach helps ensure privacy management is implemented not as a project, but as an ongoing process.



Use the baselining information to compare your program with others using the same structure of ‘Not Applicable’, ‘Desired’, ‘In Progress’, or ‘Implemented’. For the detailed process, obtain the free baselining and benchmarking paper, Nymity Privacy Accountability Baselining and Benchmarking Methodology™.


Baselining and Program Planning

Quickly baseline privacy management across your organization by simply removing the ‘Not Applicable’ privacy management activities and identifying which of the remaining activities have been implemented, are planned, or are desired.


Understanding Best Practices

Use the framework as a comprehensive and up-to-date listing of privacy management activities. Gain insight into how other organizations are implementing activities to enhance privacy management and to demonstrate accountability.

Demonstrating Accountability

Demonstrate that an effective privacy program is in place, in other words, demonstrate accountability for:



Prepare for an internal or external assessment, such as a privacy seal – this Framework is effective for assembling the necessary documentation and facilitating more effective collaboration between the auditor and auditee.


Reporting to Data Protection Authorities

Stand-ready to demonstrate accountability, on-demand, with evidence, to a Data Protection Authority (DPA). Some organizations currently use this Framework to be prepared to show due diligence in the event of an investigation. Nymity is currently researching the possible role of DPA Self-Attestations.


BCR Implementation and Monitoring

Save time and resources with this Framework when implementing and monitoring Binding Corporate Rules (BCR) in your organization. Nymity provides additional free resources for organizations wishing to use the Framework for this purpose.


Management Reporting

Report privacy management in a meaningful and simple way to senior management, C-Suite, and Board level.

A menu of privacy management activities (technical and organisational measures)

Accompanying Resources

Definitions and Scopes for 130+ Privacy Management Activities

A comprehensive listing of over 130+ privacy management activities identified through Nymity’s global data privacy accountability research.

Privacy Accountability Management Framework for Data Controllers Operating across Asia

This dissertation documents a study undertaken to find a Privacy Accountability Framework that could be used by organizations operating across Asia.