Incorporating LGPD Requirements and Restrictions into Database Design

  • Patrícia Vieira da S. Barros, Federal University of Ceará (UFC)
  • José Maria Monteiro, Federal University of Ceará (UFC)
  • Angelo Brayner, Federal University of Ceará (UFC)
  • Javam C. Machado, Federal University of Ceará (UFC)

Abstract


The Brazilian General Data Protection Law (LGPD) specifies how the processing, storage, and disposal of personal data should be conducted, conditioning them on the prior authorization of the data subject. At the same time, current information systems rely heavily on personal data and therefore need to comply with the LGPD. In this context, the database system becomes an even more critical component in software development, as it is responsible for storing, updating, and retrieving data. However, the methodologies and tools used for database design do not incorporate the requirements and constraints of the LGPD, making it difficult to ensure that databases comply with current legislation. This article presents a methodology, called LGPDbyD, to incorporate the impositions and principles of the LGPD into the design of databases. To achieve this, we extend the ER model, the Relational model, and the CREATE TABLE command. Additionally, we extend the brModelo tool to provide support for the requirements and constraints of the LGPD. LGPDbyD aims to facilitate the processes of database design and auditing in compliance with the LGPD.
Keywords: Data models and semantics, Specialized and domain-specific data management

Published
2024-10-14
BARROS, Patrícia Vieira da S.; MONTEIRO, José Maria; BRAYNER, Angelo; MACHADO, Javam C. Incorporating LGPD Requirements and Restrictions into Database Design. In: BRAZILIAN SYMPOSIUM ON DATABASES (SBBD), 39., 2024, Florianópolis/SC. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 341-353. ISSN 2763-8979. DOI: https://doi.org/10.5753/sbbd.2024.240791.