Supporting privacy impact assessment by model-based privacy analysis

According to Article 35 of the General Data Protection Regulation (GDPR), data controllers are obligated to conduct a privacy impact assessment (PIA) to ensure the protection of sensitive data. Failure to properly protect sensitive data may affect data subjects negatively, and damage the reputation of data processors. Existing PIA approaches cannot be easily conducted, since they are mainly abstract or imprecise. Moreover, they lack a methodology to conduct the assessment concerning the design of IT systems. We propose a novel methodology to support PIA by performing model-based privacy and security analyses in the early phases of the system development. In our methodology, the design of a system is analyzed and, where necessary, appropriate security and privacy controls are suggested to improve the design. Hence, this methodology facilitates privacy by design as prescribed in Article 25 of the GDPR. We evaluated our methodology based on three industrial case studies and a quality-based comparison to the state of the art.