Abstract
It is increasingly recognised that Privacy Impact Assessments (PIAs) play a crucial role in providing privacy protection for data subjects and in supporting risk management for organisations. However, existing PIA processes are typically not accompanied with proper guidelines and/or methodologies that sufficiently support privacy risk assessments and illustrate precisely how the core part of the PIA a risk assessment can be conducted. We present an approach for assessing potential privacy risks built upon a privacy risk model that considers legal, organisational, societal and technical aspects. This approach has the potential to underpin a systematic and traceable privacy risk-assessment methodology that can complement PIA processes.