OWASP Privacy Risk Countermeasures

OWASP is the acronym for the Open Web Application Security Project.

Overview

The OWASP Top 10 Privacy Risks Project provides a top 10 list for privacy risks in web applications and related countermeasures.

  • It covers technological and organizational aspects that focus on real-life risks, not just legal issues.

  • The Project provides tips on how to implement privacy by design in web applications with the aim of helping developers and web application providers to better understand and improve privacy.

  • The list uses the OECD Privacy Guidelines as a framework and can also be used to assess privacy risks associated with specific web applications.

Working through this list also supports compliance with the GDPR (General Data Protection Regulation, enforceable since 25 May 2018): several of the risks below correspond to GDPR obligations, for example breach notification (risk 3), the right to erasure (risk 4) and data minimisation (risk 6). The list is a technical risk checklist, not a legal compliance framework, so it complements a legal review rather than replacing it.

The following Top 10 Privacy Risks (the project's 2014 list; the list has since been revised, so check the project site for the current edition) are ordered by importance, 1 being the gravest privacy risk.

  1. Web Application Vulnerabilities

  2. Operator-sided Data Leakage

  3. Insufficient Data Breach Response

  4. Insufficient Deletion of personal data

  5. Non-transparent Policies, Terms and Conditions

  6. Collection of data not required for the primary purpose

  7. Sharing of data with third party

  8. Outdated personal data

  9. Missing or Insufficient Session Expiration

  10. Insecure Data Transfer
