Integrating LGPD Requirements and Restrictions into Database Design
Abstract
The Brazilian General Data Protection Law (LGPD) specifies how the processing, storage, and disposal of personal data should be conducted, and makes them conditional on the prior authorization of the data subject. Current information systems, in turn, rely heavily on personal data and therefore need to comply with the LGPD. However, the methodologies and tools used for database design do not incorporate the requirements and constraints of the LGPD, which makes it difficult to ensure that databases comply with current legislation. This article presents a methodology, called LGPDbyD, for incorporating the obligations and principles of the LGPD into database design. To achieve this, we adapted the ER model, the Relational model, and the CREATE TABLE command.
