Download PDFOpen PDF in browserPersona-oriented Data Protection Impact Assessment for Small Businesses12 pages•Published: May 26, 2023AbstractThe European (EU) General Data Protection Regulation (GDPR) is applicable since May 2018 and has since posed major challenges for small businesses with limited knowledge and resources. According to Art. 35 of the GDPR, a so-called ‘Data Protection Impact Assessment’ (DPIA) is mandatory if a processing of personal data is likely to result in a high risk to the rights and freedoms of natural persons. There is a demand for low-threshold, practical instruments that support the required DPIA. The objective of this research was to develop a new DPIA instrument that meets the needs – as unit of analysis – of non-technology small businesses and complies with the requirements of the EU GDPR. Design Science Research was used as the methodological framework and identified personas were drivers in the development. The result is two variants of instruments that have been carefully evaluated and proven to be valuable.Keyphrases: data protection, data protection impact assessment, european general data protection regulation, small businesses In: Aurona Gerber and Knut Hinkelmann (editors). Proceedings of Society 5.0 Conference 2023, vol 93, pages 152-163.
|