cybersecurity, cyber security, information protection, information security, personal data, a multiple-theoretical representation, GDPR-model, model of personal data parameters, assessment in the area of information security, GDPR regulation, losses assessment, loss of personal data


Developing of an effective method for assessing the negative consequences of a personal data (PD) leakage helps companies manage risks more effectively and protect their financial and reputational stability. The GDPR provides for the possi­bility of imposing significant fines in case of violation of data protection rules. The method will allow businesses to assess the potential financial consequences of a data leakage and implement effective preventive measures to saving themselves from possible fines. This developed method will help organizations effectively implement the GDPR requirements, ensuring a high level of data protection and appropriate risk management. The purpose of this paper is to develop a method for assessing the negative consequences of a PD confidentiality leakage in case of violation of the requirements established by the GDPR. The method of assessment in accordance with the provisions of the GDPR Regulation, which, through the stages of identifying the object of assessment (providing information about the enterprise), determining the level of violation, forming primary expert information and finalizing the procedure for processing expert data, analytically transforms the sets of input data of the developed tuple model of the integrated representation of parameters, values of values reflecting the judgment of experts, developed new assessment rules, scattering of points and a certain set of recommendations.


General Data Protection Regulation (GDPR) / Inter-soft Consulting. 2018. URL: https://gdpr-info.eu/ (date of access: 20.12.2023).

DLA Piper GDPR Data Breach Survey 2020 / DLA PIPER. 2020. URL: https://www.dlapiper.com/en-us/insights/publications/2020/01/gdpr-data-breach-survey-2020 (date of access: 29.12.2023).

What is a QRA? / DNV. URL: https://www.dnv. com/oilgas/qra/index.html (date of access: 20.12.2023).

D. Vose. Risk Analysis: A Quantitative Guide, 3rd Edition, 2008, p. 4 // URL: https: // books.google.com.ua /books?id=9CaoAqaRcVwC&printsec=copyright&redir_esc=y#v=onepage&q=QRA&f=false (date of access: 20.12.2023).

Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) / The CyberAB – CMMC Certifiction. 2023. URL: https://cyberab.org/ (date of access: 20.12.2023).

Fair Information Practice Principles (FIPPs) / FPC. 2022. URL: https: // www.fpc.gov / resources / fipps/ (date of access: 29.12.2023).

Introduction to FAIR / Medium. 2019. URL: https:// medium.com/@enstructure/introduction-to-fair-bc5e¬7da0e72c (date of access: 20.12.2023).

О. Корченко, Ю. Дрейс, І. Лозова. Модель та метод оцінки ризиків захисту персональних даних під час їх обробки в автоматизованих систе-мах, Захист інформації, Т. 18, № 1, С. 39-47, 2016.

Лозова І., Педченко Є., Баланда А. Теоретико-множинне представлення параметру «Рівень порушення» для кортежної GDPR-моделі, ITSec-2020: Безпека інформаційних технологій матеріали Х міжнар. наук.-техніч. конф., м. Київ, 19-24 березня 2020 року. Київ, 2020. С. 47-49.

О. Корченко, Ю.Дрейс, І.Лозова, Є. Педченко. Теоретико-множинна GDPR-модель параметрів персональних даних. Захист інформації, Т. 22, № 2, 2020. С. 120-141.