top of page


Lean team approach to privacy threat modeling of software systems

If you’re new to privacy threat modeling or overwhelmed by the complexity of a full-fledged privacy assessment approach, you’ll certainly benefit from LINDDUN GO. This easy-access team approach to privacy threat modeling will help you to look at your software design from a privacy perspective and identify any potential privacy threats.

LINDDUN GO is the trimmed-down variant of LINDDUN, offering you a systematic approach to privacy assessments with a distinctly lower threshold.

What do you need to get started?

All you need is a diverse team of privacy enthusiasts, a model of your software system (indicating system interactions), and the LINDDUN GO card deck. The 34 threat cards represent the most common privacy threats and guide the team in the systematic privacy analysis of their software system. The cards come in six suits, matching the main LIND(D)UN privacy threat categories : linkability, identifiability, non-repudiation, detectability, unawareness, non-compliance.

Diverse team of privacy enthusiasts, of any expertise level

Anyone looking for a systematic approach towards privacy threat modeling can benefit from LINDDUN GO: both researchers and professionals, both beginners and experts. An appetite for data privacy and an analytical mindset will go a long way.  
It’s a great tool to get started: the cards do not require privacy expertise, the method itself is simple, yet nudges towards a typical threat modeling structure. Contrary to its full-fledged LINDDUN counterpart, you don’t need to create cumbersome mapping tables or continuously browse through the threat tree catalog.
You will achieve the best results with a diverse team. Try to include a system architect, a DPO, a CISO, a developer, domain expert, … Make sure to include participants with a legal background, as they’ll offer a different perspective than the IT technical team members.


LINDDUN GO can be used in its digital version – online – proven to be very practical for remote teams. 


LINDDUN GO can be used in the form of an old-school card deck.

Alternative to full-fledged LINDDUN

Opposed to the original LINDDUN methodology, which results in a thorough but rather complex and time-consuming privacy threat assessment, its lean variant LINDDUN GO provides a quick start to privacy threat modeling.
A traditional privacy threat modeling exercise provides extensive methodological and knowledge support to systematically tackle privacy threat analysis, yet the threshold to get started is rather high as it still requires sufficient knowledge of the process and the privacy threat types. LINDDUN GO lowers this threshold by reducing the scope to the most impactful hotspots in the system and by presenting a more comprehensible set of potential privacy threat types.  

bottom of page