This project presents a fictional Data Privacy Impact Assessment (DPIA) for MedSecure, a digital healthcare application that handles sensitive patient data. The goal is to identify privacy risks and recommend appropriate mitigation strategies based on GDPR principles.
MedSecure is a digital platform designed to allow patients to manage their healthcare records, book appointments, and communicate securely with healthcare professionals. Since the app processes sensitive health data, this DPIA focuses on identifying cybersecurity risks and ensuring data privacy compliance.
- DPIA Report (PDF): Outlines the purpose, scope, findings, and mitigation strategies.
- Privacy Risk Matrix (Excel): Categorizes risks by likelihood and impact with mitigation recommendations.
This diagram illustrates how data flows between users, the MedSecure mobile application, backend servers, and healthcare providers.
Identified risks include:
- Undefined data retention policy
- Security gaps in third-party services
- Inadequate authentication mechanisms
Each risk has been assessed and paired with practical mitigation strategies to reduce potential harm and enhance privacy.
- Python (for report and diagram generation)
- Excel (risk matrix)
- Markdown (documentation)
- Git/GitHub (version control)
Completed
This project is part of a cybersecurity academic portfolio and not implemented in a real environment.