| dc.description.abstract | The implementation of the GDPR brought about the legal requirement of performing DPIAs on software systems. Consequently, many templates for performing DPIAs are available for use. However, common for most of them is that they lack a way to easily re-assess the system without starting from the beginning. This unmet need is the motivation for our thesis. We aim to design a digital tool which is able to streamline the privacy risk assessment, with the overarching goal of exploring what is needed to achieve this. To this end, we identify the needs of such a tool, formulate a set of requirements based on those needs, implement these requirements into the tool, and eval- uate our implementation. As the time available is limited, we base the tool, which we name LARA, on a version of the LINDDUN privacy threat model- ing methodology. We identified the needs based on the target group, which is those who require the use of a DPIA. Two evaluation methods were used to assess LARA. The first was a case study consisting of two use cases and a comparison to a similar, existing tool. LARA was evaluated by performing a limited risk assessment, then a re-assessment using the results of the first use case, then compared to a digital tool with a LINDDUN implementation. The second evaluation was of the intuitiveness of LARA through usability testing. Our findings based on these evaluations lead us to believe that LARA is able to increase the ease of performance for the privacy risk assessment through the automatization of LINDDUN’s knowledge base. Based on the experience gained through the work, we conclude that improvements in the knowledge base, with the addition of a knowledge base for threat scenarios, is a require- ment for further automatization. However, due to the expertise requirements of a tester for such a tool, we cannot guarantee the accuracy of our results. Finally, we present the recommendations for further improvements on the subject. | eng |