Skip to main content

A Data Protection Impact Assessment Methodology for Cloud

Part of the Lecture Notes in Computer Science book series (LNSC,volume 9484)


We propose a data protection impact assessment (DPIA) method based on successive questionnaires for an initial screening and for a full screening for a given project. These were tailored to satisfy the needs of Small and Medium Enterprises (SMEs) that intend to process personal data in the cloud. The approach is based on legal and socio-economic analysis of privacy issues for cloud deployments and takes into consideration the new requirements for DPIAs within the European Union (EU) as put forward by the proposed General Data Protection Regulation (GDPR). The resultant features have been implemented within a tool.


  • Data protection impact assessment
  • Cloud
  • Privacy

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-319-31456-3_4
  • Chapter length: 33 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   54.99
Price excludes VAT (USA)
  • ISBN: 978-3-319-31456-3
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   69.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.


  1. 1.

    Cloud Accountability Project (A4Cloud)

  2. 2.

  3. 3.

    Note that even if the full-scale DPIA is not required, taking it nevertheless is beneficial because the questionnaire, guiding responses and assessment may help in raising the privacy bar of any project or service.

  4. 4.

    A secondary user group consists of concerned individuals who consider taking their data to the cloud. The tool will help them make considered choices regarding requirements for cloud service providers. A sister tool in the A4Cloud project, the Cloud Offerings Assistance Tool (COAT) can take these requirements to filter relevant cloud offerings for the user to choose from.

  5. 5.

    Both the European Parliament and the Council have agreed on their texts amending Commission's initial proposal on a GDPR. Although, there is broad agreement between the institutions on core issues, the exact wording is to be decided –probably by the end of 2015- following a series of Trilogue Meetings.

  6. 6.

    For more on the concept of “future-proof” see under Sect. 3.5: Discussion.

  7. 7.

    Which will arguably embody the current state of the art in data protection legislation, as well as the result of the doctrinal elaboration the concept had in the last two decades.

  8. 8.

    For instance, Question 10 in Table 2 (“Are all the information and its subsets you handle necessary to fulfill the purposes of your project?”) or Question 17 (“Does your project involve the use of existing personal information for new purposes?”) were drafted by taking into consideration the already existing legal requirements.

  9. 9.

    For instance, Question 11 in Table 2 (“Is it possible for the individual to restrict the purposes for which you process the information?”).

  10. 10.

    The table we developed is composed by the following categories: question, explanation of the question, question type (which frames the possible answers to be given by the users, e.g. in the form of radio buttons, checkboxes, or yes/no binary answers), responses to be given to the users in order to educate them while they go through the questionnaire, actions to be performed by the tool as a consequence of the users’ answers (e.g. go to the next question). A weighing of the users’ activities’ impact on data subjects’ privacy and data protection was originally embedded in the table as well.

  11. 11.

    See supra note 4.

  12. 12.

    Based on the intuition that the longer data is stored, the higher the likelihood that something happens to the data. Of course this is not necessarily, or always, the case, but as a heuristic it may suffice to make the user think about data retention.

  13. 13.

    A gross negligence in an anonymization process giving ability to unduly infer a data subject’s identity, for instance, which is usually a data protection violation per se, can lead to a diverse array of consequences (such as identity theft, physical harm – e.g. domestic violence victims tracked down by their assailants) depending on the concrete circumstances of the case.

  14. 14.

    Our consideration of the impact deriving from privacy and data protection violations, however, was largely shaped according to Solove’s classification (Ibid.), which taxonomizes privacy violations according to four macro-categories (Information collection, information processing, information dissemination, intrusion), each of which can be subdivided into more specific subcategories.

  15. 15.

    The user may notice while going through the tool that their situation is not satisfactory covered by the questions. This may be a clear indicator to seek professional help to supplement the tool’s assessment.

  16. 16.

    Questions 48-50 in Table 2 refer to the service models in a cloud environment.

  17. 17.

    Note that deletion assumes particular importance in the cloud: the remoteness of the physical machines and the lack of control cloud users have over them, considered in relation to the fact that several different layers of deletion exist (from a mere drag-and-drop in the OS' virtual rubbish bin to the physical destruction of the hardware in which the virtual machine of the user lies), make deletion a focal point when assessing the risks a data subject is prone to.

  18. 18.

    E.g. Question 47 in Table 2.

  19. 19.

    See question 28 in Table 2.

  20. 20.

    See question 29 in Table 2.

  21. 21.

    See Questions 48-50 in Table 2.

  22. 22.

  23. 23.

    Drools Business Rules Management System Solution:

  24. 24.

    RESTful is a standard for web APIs and transport protocol.

  25. 25.

    JSON Data Interchange Format:


  1. Article 29 Data Protection Working Party: Statement on the role of a risk-based approach in data protection legal frameworks (WP218), May (2014).

  2. Australian Government, Office of the Australian Information Commissioner: Privacy Impact Assessment Guide (OAIC) (2010)

    Google Scholar 

  3. Avepoint: Avepoint Privacy Impact Assessment (APIA) System (2015).

  4. Bennett, C.J., Raab, C.D.: The Governance of Privacy: Policy Instruments in Global Perspective. MIT Press, Cambridge (2006)

    Google Scholar 

  5. CambridgeSoft: ChemBioOffice Cloud–An Integrated Decision Support System for CHDI (2010).

  6. Cayirci, E., Garaga, A., Santana de Oliveira, A., Roudier, Y.: A cloud adoption risk assessment model. utility and cloud computing (UCC). In: 2014 IEEE/ACM 7th International Conference, pp. 908–913 (2014)

    Google Scholar 

  7. Centre for Information Policy Leadership (CIPL): A Risk-based Approach to Privacy: Improving Effectiveness in Practice (2014).

  8. Clarke, R.: Privacy impact assessment: its origins and development. Comput. Law Secur. Rev. 25(2), 123–135 (2009)

    CrossRef  Google Scholar 

  9. Cloud Security Alliance (CSA): Security guidance for critical areas of focus in cloud computing, v3.0 (2011).

  10. Cloud Security Alliance (CSA): The notorious nine: Cloud computing top threats in 2013, v.1.0 (2013).

  11. Commission Nationale de L’informatique et des Libertés (CNIL): Recommendations for Companies Planning to Use Cloud Computing Services (2012).

  12. Commission Nationale de L’informatique et des Libertés (CNIL): Methodology for Privacy Risk Management (2012)

    Google Scholar 

  13. COM 11 final 2012/0011 (COD) European Commission: Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Brussels, 25.1.2012 p. 1. (2012)

    Google Scholar 

  14. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data OJ L281/31 (DPD) (1995)

    Google Scholar 

  15. De Hert, P.: A human rights perspective on privacy and data protection impact assessment. In: Wright, D., De Hert, P. (eds.) Privacy Impact Assessment. Law, Governance and Technology Series, vol. 6, pp. 33–76. Springer, Netherlands (2012)

    CrossRef  Google Scholar 

  16. European Union Agency for Network and Information Security - European Network and Information Security Agency. Cloud Computing - Benefits, risks and recommendations for information security (2009)

    Google Scholar 

  17. European Network and Information Security Agency: Cloud Security Incident Reporting: Framework for reporting about major cloud security incidents, ENISA (2013)

    Google Scholar 

  18. Felici, M., Pearson, S.: Accountability, risk, and trust in cloud services: towards an accountability-based approach to risk and trust governance. In: IEEE Proceedings of SERVICES, pp. 105–112 (2014)

    Google Scholar 

  19. Garaga, A., Santana de Oliveira, A., Cayirci, E., Dalla Corte, L., Leenes, R., Mhungu, R., Stefanatou, D., Tetrimida, K., Alnemr, R., Felici, M., Pearson, S., Vranaki, A.: D:C-6.2 Prototype for the data protection impact assessment tool. A4Cloud Deliverable D36.2 (2014).

  20. Harbird, R., Ahmed, M., Finkelstein, A., McKinney, E., Burroughs, A.: Privacy Impact Assessment with PRAIS (2007).

  21. Hall, M. et al.: The WEKA Data Mining Software: An Update; SIGKDD Explorations, vol. 11, no. (2009)

    Google Scholar 

  22. Information Commissioner’s Office: Privacy Impact Assessment Handbook (2011).

  23. Information Commissioner’s Office: Conducting privacy impact assessments code of practice (2014).

  24. Information Commissioner’s Office: Guidance for Companies on the Use of Cloud Computing, v1.1 (2012).

  25. Mell, P., Grance, T.: The NIST Definition of Cloud Computing. NIST Special Publication 800, Washington (2011)

    CrossRef  Google Scholar 

  26. Millard, C.J. (ed.): Cloud Computing Law. Oxford University Press, Oxford (2013)

    Google Scholar 

  27. National Institute of Standards and Technology NIST: Guidelines on Security and Privacy in Public Cloud Computing, SP 800-144 (2011).

  28. NOREA: Privacy Impact Assessment: Introductie, handreiking en vragenlijst. beroepsorganisatie van IT-auditors (2013).

  29. Organisation for Economic Co-operation and Development OECD: Guidelines Concerning the Protection of Privacy and Transborder Flows of Personal Data (2013).

  30. Office of the Privacy Commissioner of Canada: Securing Personal Information: A Self-Assessment Tool for Organisations (2011).

  31. Pearson, S: Simple Mode: Addressing Knowledge Engineering Complexity in a Privacy Expert System, HP Labs External Technical Report, HPL-2010-75, June (2010).

  32. Pearson, S., Sander, T.: A decision support system for privacy compliance. In: Data Mining: Concepts, Methodologies, Tools, and Applications, pp. 1496–1518. Information Science Reference, Hershey (2013). doi:10.4018/978-1-4666-2455-9.ch078

    Google Scholar 

  33. Pearson, S., Rao, P., Sander, T., Parry, A., Paull, A., Patruni, S., Dandamudi-Ratnakar, V., Sharma, P.: Scalable, accountable privacy management for large organizations. In: Enterprise Distributed Object Computing Conference Workshops, EDOCW 2009, vol. 13, pp. 168–175 (2009)

    Google Scholar 

  34. Sander, T., Pearson, S.: Decision support for selection of cloud service providers. Int. J. Comput. (JoC) GTSF 1(1), 106–113 (2010)

    Google Scholar 

  35. SEC 72 final, Commission Staff Working Paper: Impact Assessment Accompanying the document Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data. Brussels, 25.1.2012, p. 81 (2012).

  36. Svantesson, D., Clarke, R.: Privacy and consumer risks in cloud computing. Comput. Law Secur. Rev. 26(4), 392 (2010)

    Google Scholar 

  37. Solove, D.J.: A taxonomy of privacy. Univ. PA Law Rev. 154, 477 (2006)

    CrossRef  Google Scholar 

  38. Tancock, D., Pearson S., Charlesworth. A.: The emergence of privacy impact assessments (2010).

  39. Tancock, D., Pearson, S., Charlesworth, A.: Analysis of privacy impact assessments within major jurisdictions. In: Proceedings of PST 2010, pp. 118–125. IEEE, Ottawa (2010)

    Google Scholar 

  40. Tancock, D., Pearson, S., Charlesworth, A.: A privacy impact assessment tool for cloud computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing. Computer Communications and Networks, pp. 73–123. Springer, London (2013)

    CrossRef  Google Scholar 

  41. Truste: TRUSTe Assessment Manager.

  42. United States Department of Homeland Security: Privacy Threshold Analysis (PTA) (2007).

  43. Wright, D.: The state of the art in privacy impact assessment. Comput. Law Secur. Rev. 28(1), 54–61 (2012)

    CrossRef  Google Scholar 

  44. Wright, D., De Hert, P.: Introduction to Privacy Impact Assessment. Springer, Netherlands (2012)

    CrossRef  Google Scholar 

  45. Wright D.: Should privacy impact assessments be mandatory? Commun. ACM, 54(8), pp. 121–131 (2012)

    CrossRef  Google Scholar 

Download references


This work is part of the EU-funded FP7 project grant number 317550 titled as “Accountability for Cloud and Other Future Internet Services” (A4Cloud -

Author information

Authors and Affiliations


Corresponding author

Correspondence to Anderson Santana de Oliveira .

Editor information

Editors and Affiliations



See “Figs. 1, 2, 3 and 4” and “Tables 1, 2 and 3”.

Rights and permissions

Reprints and Permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Alnemr, R. et al. (2016). A Data Protection Impact Assessment Methodology for Cloud. In: Berendt, B., Engel, T., Ikonomou, D., Le Métayer, D., Schiffner, S. (eds) Privacy Technologies and Policy. APF 2015. Lecture Notes in Computer Science(), vol 9484. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31455-6

  • Online ISBN: 978-3-319-31456-3

  • eBook Packages: Computer ScienceComputer Science (R0)