Yungratog S.Goerlandt F.Punurai W.Kim H.Liu Y.Thammaboosadee S.Mahidol University2026-06-062026-06-062026-01-01IEEE Access (2026)https://repository.li.mahidol.ac.th/handle/123456789/117122Data protection in the maritime domain remains a challenging issue due to the lack of domain specific assessment approaches, as existing methods are often insufficient for this domain. Systems within the maritime ICT framework collect personal data. The General Data Protection Regulation (GDPR) specifies provisions related to data protection assessment, namely the Data Protection Impact Assessment (DPIA). The DPIA procedure from related studies is applied as the research framework for regulatory compliance. This study proposes a data protection risk assessment with integrated methods as part of the risk assessment and controlling process in DPIA. The proposed method integrates multiple approaches to provide a more comprehensive and structured assessment of data protection risks. The integrated methods provide a systematic way to capture both technical and data protection risks, enabling the identification of risk scenarios and their causal factors that are often overlooked in conventional approaches, while supporting a more thorough evaluation of risk impacts. The results from the assessment provide guidelines for maritime organizations to deal with risks that are harmful to personal data. It also demonstrates that the proposed method can better support risk prioritization and decision making. The benefit for the maritime industry is that this study helps fill gaps in data protection assessment, where limited research exists. The outcomes can also be applied to organizational policies to enhance system security and strengthen customer trust.Materials ScienceComputer ScienceEngineeringArticleSCOPUS10.1109/ACCESS.2026.36980842-s2.0-10504038219421693536