Skip to Main Content
Main Menu

Nymity Privacy Management Accountability Framework (PMAF)

The Nymity PMAF is a practical and operational structure for complying with the global privacy requirements. It is comprised of 13 Privacy Management Categories and over 130 privacy management activities that are aligned under the Build-Implement-Demonstrate privacy management lifecycle pillars of the TrustArc Privacy and Data Governance Framework.

About the framework

The Nymity PMAF is applicable to any organization looking to adopt a framework for privacy-based organizational accountability designed to help organizations comply with global privacy laws.

The Nymity Framework is associated with the highest Privacy Index scores among 13 standards.

Framework structure

The Nymity PMAF consists of the following 13 privacy management categories from which organizations can select from over 130 privacy management activities to build an accountable privacy program.
  • Maintain Governance Structure
  • Maintain Personal Data Inventory and Data Transfer Mechanisms
  • Maintain Internal Data Privacy Policy
  • Embed Data Privacy Into Operations
  • Maintain Training and Awareness Program
  • Manage Information Security Risk
  • Manage Third-Party Risk
  • Maintain Notices
  • Respond to Requests and Complaints from Individuals
  • Monitor for New Operational Practices
  • Maintain Data Privacy Breach Management Program
  • Monitor Data Handling Practices
  • Track External Criteria

Global Privacy Benchmark Report

This survey report provides a 360° view of how enterprises manage data protection and privacy. Feedback came from senior leadership inside the privacy office and privacy team members.


  • Do I need to adopt all 130+ Privacy Management Activities (PMAs) under the PMAF to have a compliant and accountable privacy program?

    No. The Nymity PMAF is designed to be flexible enabling you to select the PMAs that are necessary for your organization to achieve its privacy program management goals. In some cases it does not make sense to adopt all the PMAs under a privacy management category. For example, under Maintain Personal Data Inventory and Data Transfer Mechanisms there are multiple data transfer mechanisms listed, not all of which need to be used.

  • How does the Nymity PMAF differ from other frameworks?

    The Nymity PMAF is activities focused listing out what you need to do to develop an accountable privacy program that is positioned to comply with global privacy laws and regulations. Whereas controls based frameworks like ISO 27701 and the TrustArc Privacy and Data Governance Frameworks are controls-based focusing answering the question of how you need to do it.

  • Is the Nymity PMAF updated to address evolving privacy issues?

    Yes. The Nymity PMAF is updated regularly to address emerging privacy issues and is designed to be a living document. It was last updated in October 2023 to include two new PMAs and updates to existing PMAs to address challenges related to AI and reflect the changing privacy conservation.

The information provided does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented are for general informational purposes only.

Back to Top