feb 27
Capability Maturity Model for Safeguarding Privacy in Academic Research or: The GDPR Readiness Levels

This contribution is à titre personnelle, based on conversations with many.

It is intended for all who have an interest in communicating effectively with various stakeholders within your university and collectively reach a level of maturity, fitting for GDPR compliancy.

Update June 6 2017: version 0.3. Thanks for improvements suggested by: Marta Teperek and Esther Hoorn. Refered to in my Dutch e-data&research article: Privacy: van de nood een deugd maken​. 

Updated: version 0.2. Many thanks for improvements to: Heather Boet-Foley, Esther Hoorn and Hanny Gijsman. ​

Marlon Domingus, March 03 2017.​​

The GDPR Readiness Levels 0.3. MD 2017.png

What is it for?

I wrote this maturity model​ for three reasons:

1. it provides a logical structure for typically chaotic conversations and discussions with colleagues within your university;
2. it gives a sense of relief to find that many share the thoughts you have about the topic and
3. it gives a sense of direction; the things you do now, and the way you perceive things, have a way of maturing in due time. Now you can see the direction.

I cannot stress enough how grateful I am for all the perspectives shared with me during the many discussions I have had with many on the interesting topic of safeguarding privacy in academic research.

Continue sharing your thoughts with me; do the statements invoke a celebration of recognition? Can you share supporting quotes? Or, alternatively, do you miss something or do you see enhancements in sections or even the whole approach? Please do comment or send me a message.​

Finally, there is one other purpose I hope this maturity model will be beneficial for; use it as a guide to develop or adopt a strategy to move from one level to the next - and do so collectively within your university.

Next steps.

Combined with your feedback on this 0.2. version of the GDPR Readiness Levels, I will publish the next and improved version of the maturity model and add a section with practical steps to get from one level to the next.

I would argue that you have to be at Level 3 [Defined] / Level 4 [Managed] as an organisation to be really in control, in the way described in the EU General Data Protection Regulation (EU-GDPR).

We already know the deadline: May 25 2018; now we know roughly what to do until then.​


There are no comments for this post.

 Blog Tools