Tool-Assisted Risk Analysis for Data Protection Impact Assessment

  • Salimeh DashtiEmail author
  • Silvio Ranise
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 576)


Unlike the classical risk analysis that protects the assets of the company in question, the GDPR protects data subject’s rights and freedoms, that is, the right to data protection and the right to have full control and knowledge about data processing concerning them. The GDPR articulates Data Protection Impact Assessment (DPIA) in article 35. DPIA is a risk-based process to enhance and demonstrate compliance with these requirements. We propose a methodology to conduct the DPIA in three steps and provide a supporting tool. In this paper, we particularly elaborate on risk analysis as a step of this methodology. The provided tool assists controllers to facilitate data subject’s rights and freedoms. The assistance that our tool provides differentiates our work from the existing ones.


Data Processing Impact Assessment Privacy risk analysis Impact Rights and freedoms 


  1. 1.
    Ahmadian, A., Strüber, D., Riediger, V., Jürjens, J.: Supporting privacy impact assessment by model-based privacy analysis. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pp. 1467–1474 (2018)Google Scholar
  2. 2.
    Alnemr, R., et al.: A data protection impact assessment methodology for cloud. In: Berendt, B., Engel, T., Ikonomou, D., Le Métayer, D., Schiffner, S. (eds.) APF 2015. LNCS, vol. 9484, pp. 60–92. Springer, Cham (2016). Scholar
  3. 3.
    Alshammari, M., Simpson, A.: Towards an effective PIA-based risk analysis: an approach for analysing potential privacy risks. Technical report CS-RR-18-01, Department of Computer Science, University of Oxford (2017)Google Scholar
  4. 4.
    Article 29 Working Party: Guidelines on data protection impact assessment and determining whether processing is “likely to result in a high risk” for the purposes of regulation 2016/679. Accessed 19 June 2019
  5. 5.
    Article 29 Working Party: Opinion 07/2013 on the data protection impact assessment template for smart grid and smart metering systems (‘DPIA template’) prepared by expert group 2 of the commission’s smart grid task force. Accessed 19 June 2019
  6. 6.
    Article 29 Working Party: Opinion 5/2010 on the industry proposal for a privacy and data protection impact assessment framework for RFID applications. Accessed 19 June 2019
  7. 7.
    Bieker, F., Friedewald, M., Hansen, M., Obersteller, H., Rost, M.: A process for data protection impact assessment under the European general data protection regulation. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 21–37. Springer, Cham (2016). Scholar
  8. 8.
    Clarke, R.: Privacy impact assessments (1999). Accessed 22 Oct 2019
  9. 9.
    Clarke, R.: Privacy impact assessment: its origins and development. Comput. Law Secur. Rev. 25(2), 123–135 (2009)CrossRefGoogle Scholar
  10. 10.
    CNIL (Commission Nationale de l’Informatique et des Libertés): Methodology for privacy risk management (2012).
  11. 11.
    CNIL (Commission Nationale de l’Informatique et des Libertés): How to carry out a PIA (2015).
  12. 12.
    CNIL (Commission Nationale de l’Informatique et des Libertés): Privacy risk assessment (PIA) (2018).
  13. 13.
    Coles, J., Faily, S., Ki-Aries, D.: Tool-supporting data protection impact assessments with CAIRIS. In: 5th International Workshop on Evolving Security & Privacy Requirements Engineering, pp. 21–27. IEEE (2018)Google Scholar
  14. 14.
    Conference of the independent data protection authorities of the Federal and State Governments of Germany: The standard data protection model, vol 1.0 EN1 (2017)Google Scholar
  15. 15.
    Cuijpers, C., Koops, B.J.: Smart metering and privacy in Europe: lessons from the Dutch case. In: Gutwirth, S., Leenes, R., de Hert, P., Poullet, Y. (eds.) European Data Protection: Coming of Age, pp. 269–293. Springer, Heidelberg (2013). Scholar
  16. 16.
    Danezis, G., et al.: Privacy and data protection by design-from policy to engineering. arXiv preprint arXiv:1501.03726 (2015)
  17. 17.
    Dashti, S., Ranise, S.: A tool-assisted methodology for the data protection impact assessment. In: Proceedings of the International Conference on Security and Cryptography (2019)Google Scholar
  18. 18.
    De, S.J., Le Métayer, D.: PRIAM: a privacy risk analysis methodology. In: Livraga, G., Torra, V., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA - 2016. LNCS, vol. 9963, pp. 221–229. Springer, Cham (2016). Scholar
  19. 19.
    Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Eng. 16(1), 3–32 (2011)CrossRefGoogle Scholar
  20. 20.
    FIPS (Federal Information Processing Standard Publication) 200: Minimum security requirements for al information and information systems (2006).
  21. 21.
    Guarda, P., Ranise, S., Siswantoro, H.: Security analysis and legal compliance checking for the design of privacy-friendly information systems. In: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, pp. 247–254 (2017)Google Scholar
  22. 22.
    Hansen, M.: Top 10 mistakes in system design from a privacy perspective and privacy protection goals. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity 2011. IAICT, vol. 375, pp. 14–31. Springer, Heidelberg (2012). Scholar
  23. 23.
    Hansen, M., Jensen, M., Rost, M.: Protection goals for privacy engineering. In: IEEE Security and Privacy Workshops, pp. 159–166 (2015)Google Scholar
  24. 24.
    ICO (Information Commission’s Office): Conducting privacy impact assessments code of practice (2014). Accessed 19 June 2019
  25. 25.
    ICO (Information Commission’s Office): Data protection impact assessments (2018). Accessed 19 June 2019
  26. 26.
    NIST (National Institute of Standard and Technology): Security and privacy controls for federal information systems and organization. NIST special publication 800–53 (2013).
  27. 27.
    NISTIR (National Institute of Standard and Technology Internal Report): Nist privacy risk assessment methodology (PRAM).
  28. 28.
    Oetzel, M.C., Spiekermann, S.: A systematic methodology for privacy impact assessments: a design science approach. Eur. J. Inf. Syst. 23(2), 126–150 (2014)CrossRefGoogle Scholar
  29. 29.
    Ranise, S., Siswantoro, H.: Automated legal compliance checking by security policy analysis. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 361–372. Springer, Heidelberg (2017). Scholar
  30. 30.
    Rost, M., Bock, K.: Privacy by design and the new protection goals. Datenschutz und Datensicherheit 35, 30–35 (2011)Google Scholar
  31. 31.
    Rost, M., Pfitzmann, A.: Datenschutz-schutzziele—revisited. Datenschutz und Datensicherheit 33(6), 353–358 (2009)Google Scholar
  32. 32.
    Schulz, W., Wittner, F., Bavendiek, K., Schupp, S.: Modeling and verification in GDPR’s data protection impact assessment (2019).
  33. 33.
    Siena, A., Morandini, M., Susi, A.: Modelling risks in open source software component selection. In: Yu, E., Dobbie, G., Jarke, M., Purao, S. (eds.) ER 2014. LNCS, vol. 8824, pp. 335–348. Springer, Cham (2014). Scholar
  34. 34.
    Solove, D.J.: A taxonomy of privacy. Univ. Pennsylvania Law Rev. 154, 477 (2005)CrossRefGoogle Scholar
  35. 35.
    Spiekermann, S.: The RFID PIA-developed by industry, endorsed by regulators. In: Wright, D., de Hert, P. (eds.) Privacy Impact Assessment, vol. 6, pp. 323–346. Springer, Heidelberg (2012). Scholar
  36. 36.
    Spiekermann, S., Cranor, L.F.: Engineering privacy. Trans. Softw. Eng. 35(1), 67–82 (2008)CrossRefGoogle Scholar
  37. 37.
    Spiekermann, S., Oetzel, M.C.: A systematic methodology for privacy impact assessments: a design science approach. Eur. J. Inf. Syst. 23(2), 128–150 (2014)Google Scholar
  38. 38.
    Van Dijk, N., Gellert, R., Rommetveit, K.: A risk to a right? Beyond data protection risk assessments. Comput. Law Secur. Rev. 32(2), 286–306 (2016)CrossRefGoogle Scholar
  39. 39.
    Vemou, K., Karyda, M.: An evaluation framework for privacy impact assessment methods. In: 12th Mediterranean Conference on Information Systems (2018)Google Scholar
  40. 40.
    Wright, D.: The state of the art in privacy impact assessment. Comput. Law Secur. Rev. 28(1), 54–61 (2012)CrossRefGoogle Scholar
  41. 41.
    Wright, D., Finn, R., Rodrigues, R.: A comparative analysis of privacy impact assessment in six countries. J. Contemp. Eur. Res. 9(1), 160–180 (2013)Google Scholar
  42. 42.
    Wright, D., de Hert, P.: Privacy Impact Assessment, vol. 6. Springer, Heidelberg (2012). Scholar

Copyright information

© IFIP International Federation for Information Processing 2020

Authors and Affiliations

  1. 1.Security and Trust - Fondazione Bruno KesslerTrentoItaly
  2. 2.DIBRIS - University of GenoaGenoaItaly

Personalised recommendations