A Conceptual Framework for Assessing Risks for Data Protection Impact Assessment Process in Maritime Industries

Personal data is used to define customer requirements. Organizations should securely collect and process such data, using data protection policies aligned with the applicable regulations. The General Data Protection Regulation (GDPR), an EU data protection law, has include a data protection assessment method called Data Protection Impact Assessment (DPIA) to ensure personal data security. The maritime industry is also concerned about personal data protection. However, there is a still a lack of practical methods to assess data protection risks. This article aims to introduce the conceptual framework for a new method for risk assessment in maritime systems, using DPIA and various systems-theoretic risk approaches as a conceptual basis. The ICT system is a central system in which personal data is utilized in the architecture of maritime systems. In this article, this system will be taken as a basis for illustrating the newly proposed method for personal data security risk assessment in a DPIA context. The conceptual framework will be further concretized and tested in follow-up research.