What It Is

The General Data Protection Regulation (GDPR) is an EU-wide regulation enacted in 2016, enforceable since May 25, 2018. It modernizes data privacy, protecting personal data of EU individuals with extraterritorial scope applying globally. Its risk-based, accountability-driven approach mandates lawful processing bases and demonstrable compliance.

Key Components

• Seven core principles: lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, accountability.
• Enhanced data subject rights (access, rectification, erasure, portability, objection).
• Obligations like Data Protection Officers (DPOs), Data Protection Impact Assessments (DPIAs), 72-hour breach notifications.
• Enforcement via fines up to €20M or 4% global turnover; no certification, but ongoing compliance required.

Why Organizations Use It

Mandatory for entities processing EU data, reducing legal risks and fines. Enhances trust, supports Digital Single Market, inspires global standards like LGPD/CCPA. Builds reputation, enables secure data flows.

Implementation Overview

Involves gap analysis, policy updates, training, DPIAs, DPO appointment. Applies to all sizes/industries targeting EU; two-year transition aided prep. Audits by supervisory authorities; continuous via records and monitoring.

What It Is

Capability Maturity Model Integration (CMMI) is a performance improvement framework developed by the Software Engineering Institute and now governed by ISACA. It provides a structured approach to process institutionalization across development, services, and acquisition, using maturity and capability levels to enhance predictability and quality.

Key Components

• 4 Category Areas (Doing, Managing, Enabling, Improving) with 12 Capability Areas and 25 Practice Areas in v2.0.
• Maturity Levels 0-5 (staged) and Capability Levels 0-3 (continuous).
• Generic practices for institutionalization and specific practices per area.
• SCAMPI appraisals (A/B/C) for benchmarking.

Why Organizations Use It

• Improves delivery predictability, reduces rework, boosts ROI.
• Meets contractual requirements in defense, regulated sectors.
• Enhances risk management, stakeholder trust, competitive positioning.

Implementation Overview

• Phased: assessment, piloting, rollout, appraisal, sustainment.
• Applies to mid-to-large organizations in IT, software, services.
• Involves training, tooling, change management; formal appraisals optional but recommended for certification. (178 words)