1. Home
2. Information
3. Press releases
4. Overview of Objectives, Progress and Actions of the byRisk Project
5. Overview of Objectives, Progress and Actions of the byRisk Project

Overview of Objectives, Progress and Actions of the byRisk Project

Category Press release Date

31/12/2025

Protocol number 4632 The Hellenic Data Protection Authority launched, in December 2024, the implementation of the project entitled “Driven by risk: Fostering data protection risk assessment for SMEs and raising risk awareness among the general public (byRisk)”, following the successful submission of a proposal to the European Commission (https://byrisk-project.eu/). It is noted that the project is implemented under the coordination of the Authority and in cooperation with the University of Piraeus and the Greek ICT company Abovo, and is co-funded at a rate of 90% by the European Commission. [1]

The project has two main objectives:

1. To provide practical support to small and medium-sized enterprises (SMEs), acting as “data controllers”, through the development and provision of a tool for assessing the risks associated with the personal data processing activities they carry out.
2. To ensure appropriate information and awareness-raising for all interested parties (the general public, ICT professionals and students), also through the development and provision of a tool for information and risk awareness related to common data processing activities carried out by a wide range of data controllers. For the development of these tools, a needs assessment was conducted, along with the analysis and definition of relevant data protection requirements arising from the applicable national and European legal and regulatory framework. With the aid of a dedicated questionnaire, the relevant needs of SMEs regarding the risk assessment of data processing activities were identified, and the corresponding requirements were analysed and specified. SMEs operating in the sectors of tourism, education, retail trade, catering, healthcare and information technology services were approached, mainly through their professional associations.

Within this framework, the following tools are being developed:

• Risk Assessment Tool for Small and Medium-sized Enterprises: the individual software components, databases and user interfaces implementing the tool’s functionalities have already been developed, while testing is underway to verify and validate its accuracy, reliability and usability. The tool is expected to be completed and launched in pilot operation by March 2026.

• Data Protection Risk Awareness Tool: its development was based on a platform created within a previous project of the Authority, which initially supported multilingual questionnaires and document generation. For the purposes of the current project, the platform was extended to incorporate a structured risk modelling framework, including conceptual entities, mappings between entities and the mechanisms required to derive risk-related conclusions. The tool provides both an end-user interface and an administrative interface, delivered as web applications, and has been developed as a full JavaScript application.

To disseminate the project results, a series of actions has been designed and is being implemented, including the development of a dedicated project website, the publication of press releases, newsletters, leaflets and articles in the media. In addition, the organisation of an international conference is planned for October 2026, aiming to promote the sustainability of the project results. Representatives of peer supervisory authorities from EU Member States and of the European Data Protection Supervisor, the European Commission, as well as academic experts and researchers in the field of data protection, are expected to participate in the conference.

[1] The byRisk project is funded by the European Union’s Citizens, Equality, Rights and Values (CERV) Programme and is coordinated by the Hellenic Data Protection Authority. The views and opinions expressed are those of the project partners only and do not necessarily reflect those of the European Union or the European Commission. Neither the European Union nor the granting authority can be held responsible for them.

Social Sharing block

-

We use the cookies that are necessary to maintain your connection to the online services of the HDPA’s Portal and to store your preferences in relation to optional cookies (“Necessary”).
Only with your consent we will use any of the following optional cookies you select (“Analytics”, “LinkedIn”, “Twitter”). You can see information on each cookie category by passing the cursor over each option. Necessary Matomo LinkedIn Twitter Cookie Settings Reject all Accept selected cookies

Λεωφ. Κηφισίας 1-3, 11523 Αθήνα
Τ: 210 6475 655 • E: info@dpa.gr • www.dpa.gr