Bisztray, TamasGruschka, NilsMavroeidis, VasileiosFritsch, LotharRoßnagel, HeikoSchunck, Christian H.Mödersheim, SebastianHühnlein, Detlef2020-05-272020-05-272020978-3-88579-699-2https://dl.gi.de/handle/20.500.12116/33176Privacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General Data Protection Regulation (GDPR) requires the implementation of a data protection impact assessment for privacy critical systems. In this paper, we analyse the usefulness of two different privacy impact assessment frameworks in the context of biometric data protection. We use experiences from the SWAN project that processes four different biometric characteristics for authentication purposes. The results of this comparison elucidate how useful these frameworks are in identifying sector-specific privacy risks related to IAM and biometric identification.endata protectionprivacyimpact assessmentGDPRDPIAidentity managementbiometricsText/Conference Paper10.18420/ois2020_171617-5468