Abstract
Big Data and Artificial Intelligence (AI) have become central to organisational success, yet they pose significant challenges to core data protection principles. Existing Data Protection Impact Assessment (DPIA) methodologies often rely on static, document-centred outputs that limit their ability to capture systemic, cumulative, and emergent risks in data-intensive environments. This paper synthesises key findings from multi-stage research that developed and validated a taxonomy of nine data protection and privacy-related risks (PTPs) through a multi-round Delphi study and expert interviews, and that proposed a conceptual model of an improved DPIA framework for Big Data Analytics (BDA) contexts. The paper further outlines research limitations and future directions, including the integration of cybersecurity techniques, such as Cyber Threat Intelligence (CTI) and Digital Forensics Readiness (DFR), to enable evidence-based accountability and post-incident learning. Collectively, these contributions position the DPIA not merely as a compliance checklist but as a living accountability mechanism capable of responding to evolving technical, organisational, and regulatory developments.
Recommended Citation
Georgiadis, Georgios and Poels, Geert, "Future-Proofing Data Protection Impact Assessment for Big Data and Artificial Intelligence Processing Operations" (2025). International Conference on Information Systems 2025 Special Interest Group on Big Data Proceedings. 2.
https://aisel.aisnet.org/sigbd2025/2