Driven by risk: Fostering data protection risk assessment for SMEs and raising risk awareness among the general public

The personal data protection legislation, having the prominent General Data Protection Regulation (GDPR) as the main pillar in the EU, adopts a risk-based approach with respect to the measures that need to be implemented towards demonstrating compliance. A risk-based approach necessitates a risk assessment, which aims to assess in an objective manner the risks that the planned processing of personal data may pose for the rights and freedoms of data subjects. However, whereas the data protection and privacy risks’ landscape is becoming increasingly complex, due to the advent of new technologies, in particular Artificial Intelligence (AI) that entails new risks, there is currently no formal/structured methodology or approach to efficiently address all the data protection risks.

The byRisk project, identifying the needs, on the one hand, for providing guidance and tools to facilitate SMEs towards assessing their data protection and privacy risks, and, on the other hand, for providing data subjects with a clear and trustworthy reference of the different risks to their rights and freedoms, along with the possible harms and mitigation methods, pursues two strategic goals:
– To facilitate SMEs with respect to properly identify and analyse all the data protection and privacy risks occurring in the context of the data processing operations they perform.
– To raise awareness regarding data protection and privacy risks to a vast spectrum of stakeholders, including SMEs and the general public.

The main contribution of ICT abovo in byRisk concerns the actual development of the two flagship tools offered by the project: the Risk Assessment Tool, particularly tailored for SMEs, that will provide the means for the identification and analysis of the data protection and privacy risks in an intuitive manner, leveraging context-aware questionnaires; and,.the Risk Awareness Tool, targeting the general public, in order to foster data subjects, awareness of data protection and privacy risks through appropriate visualisations of the risks, the associated harms, as well as precautions and countermeasures.

The byRisk project has received funding from the European Union’s Citizens, Equality, Rights and Values Programme (CERV) under grant agreement No. 101193352 and is coordinated by the Hellenic Data Protection Authority.

Project start date:
December 1, 2024

Project end date:
November 30, 2026

The personal data protection legislation, having the prominent General Data Protection Regulation (GDPR) as the main pillar in the EU, adopts a risk-based approach with respect to the measures that need to be implemented towards demonstrating compliance. A risk-based approach necessitates a risk assessment, which aims to assess in an objective manner the risks that the planned processing of personal data may pose for the rights and freedoms of data subjects. However, whereas the data protection and privacy risks’ landscape is becoming increasingly complex, due to the advent of new technologies, in particular Artificial Intelligence (AI) that entails new risks, there is currently no formal/structured methodology or approach to efficiently address all the data protection risks.

The byRisk project, identifying the needs, on the one hand, for providing guidance and tools to facilitate SMEs towards assessing their data protection and privacy risks, and, on the other hand, for providing data subjects with a clear and trustworthy reference of the different risks to their rights and freedoms, along with the possible harms and mitigation methods, pursues two strategic goals:
– To facilitate SMEs with respect to properly identify and analyse all the data protection and privacy risks occurring in the context of the data processing operations they perform.
– To raise awareness regarding data protection and privacy risks to a vast spectrum of stakeholders, including SMEs and the general public.

The main contribution of ICT abovo in byRisk concerns the actual development of the two flagship tools offered by the project: the Risk Assessment Tool, particularly tailored for SMEs, that will provide the means for the identification and analysis of the data protection and privacy risks in an intuitive manner, leveraging context-aware questionnaires; and,.the Risk Awareness Tool, targeting the general public, in order to foster data subjects, awareness of data protection and privacy risks through appropriate visualisations of the risks, the associated harms, as well as precautions and countermeasures.

The byRisk project has received funding from the European Union’s Citizens, Equality, Rights and Values Programme (CERV) under grant agreement No. 101193352 and is coordinated by the Hellenic Data Protection Authority.

Project start date:
December 1, 2024

Project end date:
November 30, 2026