Adoption of the LGPD Inventory in the User Stories and BDD Scenarios Creation

Resumo

Today's society heavily relies on intelligent technologies that capture and monitor real-time data, necessitating strong measures to ensure personal data privacy and protection. Regulatory frameworks like the General Data Protection Law (LGPD) in Brazil require software development to consider privacy throughout the software life cycle, significantly impacting the Requirements Engineering process. The LGPD mandates all companies to maintain a Personal Data Inventory (PDI) that records the flow of personal data from collection to disposal. This study investigates the feasibility of using the PDI in creating User Stories and Behavior-Driven Development (BDD) Scenarios, commonly used in requirements documentation for agile methodologies. Our research examines the correlation between PDI elements and User Stories/BDD Scenarios to assess their compatibility for representing and documenting software functionalities. The findings propose a mapping between these elements, supporting further research in Software Engineering and Information Security. The IDP shows promise in facilitating the construction of User Stories and BDD Scenarios and serves as a foundational reference for developing the PDI, a crucial legal document.