HomeKnowledge HubWeekly Guidance Watch › Privacy Maturity Assessment Framework (PMAF)

Government guidance · surfaced resource

Privacy Maturity Assessment Framework (PMAF)

Government Chief Privacy Officer (New Zealand)Maturity model

A free, structured framework for scoring an organisation's privacy maturity across four dimensions against three maturity levels — built by New Zealand's Government Chief Privacy Officer for public-sector agencies, but readily reusable anywhere.

Published by
Government Chief Privacy Officer (GCPO), New Zealand — hosted on the Digital Public Service site (digital.govt.nz)
Type
Maturity assessment framework + self-assessment tool
Jurisdiction
New Zealand (public-sector origin; the model is jurisdiction-neutral)
Primary audience
DPOs / privacy leads running a maturity baseline; public-sector privacy teams
Topic tags
privacy maturity · accountability · programme assessment · governance
Availability
Free; self-assessment framework and workbook; English

Why it matters

Boards and clients increasingly ask "how mature is our privacy programme?" — and most teams have no defensible way to answer. PMAF gives you one: four assessment sections (Core expectations, Leadership, Planning/policies/practice, and Privacy domains) scored against three maturity levels (informal, foundational, managed), producing a baseline you can evidence, repeat annually to show trajectory, and use to prioritise where to invest. It is free and lightweight, and although written for New Zealand public-sector agencies it maps cleanly onto UK GDPR Article 5(2) accountability and Article 24 governance obligations — a ready-made structure for a maturity baseline without building one from scratch. Easy to miss from a UK/EU vantage point.

A Weekly Guidance Watch resource entry, curated by VulaPri. We summarise and link to the original; we do not reproduce or host it. Suggest a correction.