The DPG cube allows for a standardized approach to data protection assessment. An Assessment requires precise knowledge of its target. The cube model allows to identify and determine all aspects and “players” relevant for a data protection assessment: the processes, roles and responsibilities and protection measures necessary to address the requirements of data protection represented by the six fundamental data protection goals. Using the protection goals allows a two-way check: To identify whether all and sufficient technical and organizational measures are taken that are required by data protection law and to determine whether all relevant processes have been identified. In doing so roles can be determined and responsibilities can be assigned which is essential for accountability. Yet, accountability (who is responsible for what?) is what is still missing in the majority of processing operations. In an assessment it is important to assess that there is a responsible entity for each and every operation.
Privacy conceptual model is the meta-model of a modeling language for the privacy domain Privacy requirements are specified as logic predicates that 1) bind elements of this modeling language among them and 2) constrain their properties Logic components of existing applications are mapped to privacy domain conceptual elements The mapping results in a model which is an instance of the aforementioned meta-model Privacy metrics define compliance criteria of the mapped system to the reference requirements A privacy metric expresses a quantifiable similarity criterion of the expected system state with its actual state