No. A privacy framework describes a set of standards or concepts around which a company bases its privacy program. Typically, a privacy framework does not attempt to include all privacy-related requirements imposed by law or account for the privacy requirements of any particular legal system or regime. As a result, a company can utilize a privacy framework to build its privacy program or audit its maturity against a privacy framework and yet not be in compliance with specific provisions of data privacy laws. This can occur because a particular privacy law contains additional proscriptive requirements that are not captured by a privacy framework. For example, compare the following provision in ISO 29100:2011 and analogous provisions in the GDPR involving the identification of a point of contact for privacy related concerns:

A U.S. company that sells products to individuals in Europe could be compliant with the ISO 29100:2011 requirement by identifying the name of a privacy officer in the United States as a primary point of contact. While it would be complying with some GDPR requirements (i.e., Article 13(a) and/or Article 14(a)), it might not be fully compliant with the GDPR as Article 27 requires a point of contact that is physically in the European Union.