Legend Maturity levels

Maturity levels give an indication of how deeply ingrained data protection and privacy best practices are within an organisation. The Duthler Academy Privacy Seal provides a visible indicator of the achieved data protection and privacy capability level across seven progressive stages. Level 0 is an additional level used to indicate an organisation has applied for Privacy Seal certification and the application is currently under review.  
  

Privacy-Seal-maturity-level-icon-00

Level 0: Certification application completed

The organisation has applied to Duthler Academy for Privacy Seal certification and the review process is ongoing.

Privacy-Seal-maturity-level-icon-01

Level 1: Awareness

The organisation is aware of the core data protection precepts, has a good grasp of the boundaries of its accountability and liability and has appointed a Data Protection Officer. The internalisation process is in progress.

Privacy-Seal-maturity-level-icon-02

Level 2: Insight and oversight

The organisation has systematically examined and inventoried its personal data processing activities, modifications are adequately managed, and assessments are carried out on a scheduled basis. The results of the assessments are linked to provide insight and oversight of the processing.

Privacy-Seal-maturity-level-icon-03

Level 3: Management of chain liability

The organisation has systematically examined and inventoried its personal data processing activities, modifications are adequately managed, and assessments are carried out on a scheduled basis. The results of the assessments are linked to provide insight and oversight of the processing.

Privacy-Seal-maturity-level-icon-04

Level 4: Respects Data Subject rights

The organisation facilitates Data Subjects to exercise their active and passive rights. Social accountability is embedded in the organisation (Controller and/or Processor).

Privacy-Seal-maturity-level-icon-05

Level 5: Fair business practices

The Data Subject (customer, employee, patient or individual person) is in control of their personal data. The organisation (Controller or Processor) creates and maintains the conditions that ensure fair business practices.

Privacy-Seal-maturity-level-icon-06

Level 6: Organised

Data protection and privacy is embedded throughout the organisation: from IT to Admin and from customers to suppliers and staff. The organisation is accountable and can demonstrate the effectiveness of its data protection and privacy control mechanisms. Data protection has become so deeply ingrained in the organisation’s operations that it has become a major area of risk management – a mandatory element in the Annual Accounts.

Privacy-Seal-maturity-level-icon-07

Level 7: Good governance

There is a clear decision-making structure in place for putting data protection and privacy policy into effect - a necessary precondition for maintaining organisational accountability.