Risk Assessment - DPIA



The objective of this material is to offer methodological guidance on risk-based security and privacy protection. In particular, the material describes in detail the information security risk assessment and management process based on the relevant international standard ISO/IEC 27005 (2018). Subsequently, methodological guidance is provided for the data protection impact assessment (DPIA) based on the recommendations of the National Personal Data Protection Authority in France.

The material mainly targets DPOs, risk analysts, software engineers, and security and privacy experts. The reader is expected to:

  • Understand the concept of risk in security and privacy protection.
  • Become familiar with the security risk assessment activities and the selection of security strategies based on security risk analysis.
  • Become familiar with the data protection impact assessment activities and the selection of privacy-enhancing tools based on privacy risk analysis.
  • Understand the similarities and differences between security risk analysis and data protection impact assessment.

See relevant slides



This online toolkit was funded by the European Union’s Rights, Equality and Citizenship Programme (2014-2020).

Disclaimer: The content of this online toolkit represents the views of the authors only and is their sole responsibility. The European Commission does not accept any responsibility for use that may be made of the information it contains.