Compliance with the GDPR: a quantitative assessment of costs and risks
The General Data Protection Regulation (EU 2016/679) takes effect in May 2018, with the potential to revolutionise the way companies currently treat individuals' privacy. With its detailed explanation of how data must be handled and how potential breaches must be responded to, the new regulation imposes dramatic costs on the budgets of compliant entities. This stage aims at building methods and tools to assess those costs in relation to the risks of breach. It involves risk assessment and risk management activities, which are expected to be combined in an original and effective way with existing freeware for both qualitative and quantitative forecasting. Its output will allow an analyst to enter the relevant information about a company and obtain qualitative and quantitative evidence of the significant security risks, as well as an automated indication of suggested measures. The output will have to show a provable added value to the company's decision making about the compliance process.
Tutor: Prof. Giampaolo Bella