Description:

Privacy Risk Assessments are widely required in regulation and recommended in standards such as DPIA, ISO/IEC 29134, and NIST PRAM. However, organizations still struggle to apply these frameworks consistently in practice, especially in complex digital environments such as AI systems, platform ecosystems, and data-intensive services. This master’s thesis will examine where current privacy risk assessment approaches fall short and identify opportunities for more practical, scalable, and evidence-based methods. A possible contribution of the thesis is the design of a privacy risk assessment framework, model, or structured methodology that helps organizations assess and mitigate privacy risks more effectively in real-world settings.