Personal Data Breach Severity Assessment Methodology

Based on a 2011 ENISA study on implementation of Article 4 of the ePrivacy Directive, the Data Protection Authorities of Greece and Germany in collaboration with ENISA developed this methodology for data breach severity assessment that could be used both by DPAs as well as data controllers. This working document is a first result of the co-operation between experts of the two DPAs and ENISA. It is planned to further develop the methodology with the aim to generate a final practical tool for a data breach severity assessment.