Yungratog S.Goerlandt F.Punurai W.Thammaboosadee S.Mahidol University2023-06-182023-06-182022-01-01IEEE International Conference on Industrial Engineering and Engineering Management Vol.2022-December (2022) , 1083-108721573611https://repository.li.mahidol.ac.th/handle/20.500.14594/83984Personal data is used to define customer requirements. Organizations should securely collect and process such data, using data protection policies aligned with the applicable regulations. The General Data Protection Regulation (GDPR), an EU data protection law, has include a data protection assessment method called Data Protection Impact Assessment (DPIA) to ensure personal data security. The maritime industry is also concerned about personal data protection. However, there is a still a lack of practical methods to assess data protection risks. This article aims to introduce the conceptual framework for a new method for risk assessment in maritime systems, using DPIA and various systems-theoretic risk approaches as a conceptual basis. The ICT system is a central system in which personal data is utilized in the architecture of maritime systems. In this article, this system will be taken as a basis for illustrating the newly proposed method for personal data security risk assessment in a DPIA context. The conceptual framework will be further concretized and tested in follow-up research.Business, Management and AccountingConference PaperSCOPUS10.1109/IEEM55944.2022.99895952-s2.0-851463591742157362X