Schneider, BettinaAsprion, PetraMisyura, IlyaJonkers, NatalieZaugg, Esther2024-04-172024-04-17202310.29007/5lfshttps://irf.fhnw.ch/handle/11654/43441https://doi.org/10.26041/fhnw-7406The European (EU) General Data Protection Regulation (GDPR) is applicable since May 2018 and has since posed major challenges for small businesses with limited knowledge and resources. According to Art. 35 of the GDPR, a so-called ‘Data Protection Impact Assessment’ (DPIA) is mandatory if a processing of personal data is likely to result in a high risk to the rights and freedoms of natural persons. There is a demand for low-threshold, practical instruments that support the required DPIA. The objective of this research was to develop a new DPIA instrument that meets the needs – as unit of analysis – of non-technology small businesses and complies with the requirements of the EU GDPR. Design Science Research was used as the methodological framework and identified personas were drivers in the development. The result is two variants of instruments that have been carefully evaluated and proven to be valuable.en330 - WirtschaftPersona-oriented data protection impact assessment for small businesses04B - Beitrag Konferenzschrift152-163