
TrustArc's Privacy & Data Governance Framework

The TrustArc Privacy & Data Governance (P&DG) Framework consists of operational controls that cover key privacy laws, regulatory frameworks, and requirements for ethics, compliance, and information governance programs.

About the framework

The TrustArc P&DG Framework is a controls-based framework that can be used by any organization looking for ways to align obligations across laws and regulations to support effective operationalization of privacy compliance and risk management.

Framework structure

The framework is organized by the three phases of building your privacy and data governance program: build, implement, and demonstrate. Across these three pillars there are 16 standards, which together cover 55 controls:
  • Integrated Governance
  • Risk Assessment
  • Resource Allocation
  • Policies and Standards
  • Processes
  • Awareness and Training
  • Data Necessity
  • Use, Retention, and Disposal
  • Disclosure to Third Parties and Onward Transfer
  • Choice and Consent
  • Access and Individual Rights
  • Data Integrity and Quality
  • Security
  • Transparency
  • Monitoring and Assurance
  • Reporting and Certification

Nymity Framework: Privacy & Data Protection Update in 7 States

Discover how to stay compliant and safeguard customer data as our panelists decode state-specific privacy laws, share best practices, and discuss data security risk management.


  • Why adopt a framework-based approach to developing my privacy program?

    Building a program on a framework, rather than on a single law, lets you develop policies and procedures around common data protection and privacy concepts that extend across hundreds of laws and regulations around the world. These can subsequently be aligned with the legal requirements in various jurisdictions, which in many situations differ only in specific details.

  • My program has been in place for a while now. Can I still adopt a framework-based approach?

    A framework-based approach can be implemented at any stage of a privacy program. Even if your privacy program is well-advanced, it can easily be mapped to the TrustArc Privacy and Data Governance Framework, which in turn allows for easy compliance checks against privacy and data protection laws around the world as they exist today and as they evolve over time.

  • How does the TrustArc P&DG Framework work together with the Nymity PMAF?

    The two frameworks align privacy and data governance controls with privacy management activities across the privacy program lifecycle to help organizations effectively achieve their program goals and continuously improve upon them over time. The frameworks are designed to be flexible and can be used either separately or together. Together the Nymity PMAF and TrustArc P&DG Frameworks give you the tools you need to build and implement an effective privacy and data governance program, and demonstrate control effectiveness and program maturity.

The information provided does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented are for general informational purposes only.
