The focus area maturity model for privacy-by-design allows you to assess the maturity of the privacy-by-design practices of your organisation. The model consists of 10 levels denoting the maturity from 0 to 10 for each of the 14 focus areas. Each question asks whether a practice has been implemented in your organisation and has four answer options. Please answer all questions as accurately and truthfully as possible.
The model is subject to continued scientific validation and evaluation. You have the opportunity to contribute to the research behind this model by answering additional questions regarding your experience with the assessment and the model. Please read the informed consent notice below before you make a decision. Participation is completely voluntary. You can still just perform the assessment without participating, make sure to indicate that you do not wish to participate below in that case.
It is highly recommended that you familiarise yourself with the model before performing an assessment, especially if you choose to participate in the evaluation study! Depending on the maturity level, performing the full assessment takes 15-60 minutes.

Logo of Utrecht University

Informed consent

A focus area maturity model for privacy-by-design

You are invited to participate in a research study about privacy-by-design maturity. Please read this informed consent notice carefully before participating. Privacy-by-design is a paradigm that prescribes embedding privacy concerns in the life cycle of systems, processing activities, and data. Often this term is described as vague and there is no consensus on what privacy-by-design entails or how it should be applied in practice.

The goal of this study is to identify and classify the best privacy-by-design activities and consolidate them in a maturity model. This type of model can guide practitioners in determining what must be done and in what order so that privacy-by-design can be applied effectively.

Your participation in this study consists of completing a questionnaire as part of the evaluation of the model. You will perform the regular assessment which will include several additional questions about your opinion of the model, the assessment, and the resulting maturity results. Your answers to these questions will be used to further improve the model and support future research.

Your participation in this study is completely voluntary. You are not forced to participate and you may stop participating at any time, this will have no negative effects. There are no physical, legal, or economic risks tied to this research. There are no additional inducements or incentives apart from the maturity assessment results tied to your participation in this research.

The answers you provide during the assessment and evaluation questions will be stored and processed. The assessment questions ask for information regarding the privacy practices of your organisation while the evaluation questions ask for your opinion. We do not ask you to provide any personal data, all data is anonymised and will not be related to any specific person. Research data will be stored for 10 years following the policy framework for research data of Utrecht University.

This research study is conducted by researchers from Utrecht University. For questions or complaints regarding your data, you may contact the data protection officer of Utrecht University ( For general questions or further information regarding this research, you can contact the researchers:

Lead researcher
Project supervisor
F. van Dijk, MSc
M. Muszynski, MSc
prof. dr. S. Brinkkemper