Um sistema web para auxiliar soluções na conformidade com a LGPD
Resumo
A conformidade com a Lei Geral de Proteção de Dados (LGPD) é de grande importância para as empresas brasileiras, visando garantir a proteção dos dados pessoais. Este trabalho propõe a melhoria de um checklist de conformidade com a LGPD, transformando-o em uma ferramenta web para facilitar a avaliação e a implementação das exigências legais. A construção da ferramenta incluiu análise do feedback de especialistas, com destaque para o especialista que avaliou o checklist inspirador. Além disso, o processo envolveu levantamento de requisitos, definição de critérios de melhoria, desenvolvimento e testes. A avaliação da ferramenta foi conduzida em projetos reais de empresas ligadas à inovação tecnológica. Os resultados da avaliação revelaram uma eficiência significativa na identificação e correção de lacunas de conformidade, destacando o potencial da ferramenta para melhorar a conformidade com a LGPD.
Palavras-chave:
LGPD, Conformidade, Ferramenta web, Proteção de dados
Referências
Alessandro Acquisti, Laura Brandimarte, and George Loewenstein. 2015. Privacy and human behavior in the age of information. Science 347, 6221 (2015), 509–514.
Stenly Ibrahim Adam, Jimmy H Moedjahedy, and Jeremiah Maramis. 2020. RESTful Web Service Implementation on Unklab Information System Using JSON Web Token (JWT). In 2020 2nd International Conference on Cybernetics and Intelligent System (ICORIS). IEEE, Makassar, Indonesia, 1–6. DOI: 10.1109/ICORIS50180.2020.9320801
Emerson O Batista. 2017. Sistemas de informação. Saraiva Educação SA, Sao Paulo, Brazil.
D. Baumer,W. Bischofberger, H. Lichter, and H. Zullighoven. 1996. User interface prototyping-concepts, tools, and experience. In Proceedings of IEEE 18th International Conference on Software Engineering. IEEE, Berlin, Germany, 532–541. DOI: 10.1109/ICSE.1996.493447
Chandradeep Bhatt, Divyanshu Tiwari, Deepika Dua, Shefali Gupta, and Teekam Singh. 2024. Elevating Online Retail: An In-Depth Look at the Implementation of React JS in Advanced E-commerce. In 2024 International Conference on Intelligent and Innovative Technologies in Computing, Electrical and Electronics (IITCEE). IEEE, New York, NY, USA, 1–4. DOI: 10.1109/IITCEE59897.2024.10467991
Brasil. 2018. Lei Geral de Proteção de Dados Pessoais (LGPD). Disponível em: [link]. [link] Acesso em: 24 de abril de 2024.
Augusto Campos. 2006. O que é software livre. Disponível em: [link]. Acesso em: 15 de maio de 2024.
Orlando Amaral Cejas, Muhammad Ilyas Azeem, Sallam Abualhaija, and Lionel C. Briand. 2023. NLP-Based Automated Compliance Checking of Data Processing Agreements Against GDPR. IEEE Transactions on Software Engineering 49, 9 (2023), 4282–4303. DOI: 10.1109/TSE.2023.3288901
Diego André Cerqueira, Rafael Maiani de Mello, and Guilherme Horta Travassos. 2023. Experimental Evaluation of a Checklist-Based Inspection Technique to Verify the Compliance of Software Systems with the Brazilian General Data Protection Law. arXiv:2308.14874 [cs.SE]
Edgar F Codd. 1990. The relational model for database management: version 2. Addison-Wesley Longman Publishing Co., Inc., MA, United States.
Valerio Cosentino, Javier L Cánovas Izquierdo, and Jordi Cabot. 2017. A systematic mapping study of software development with GitHub. Ieee access 5 (2017), 7173–7192.
Lorrie Faith Cranor. 1999. Internet privacy. Commun. ACM 42, 2 (feb 1999), 28–38. DOI: 10.1145/293411.293440
Evandro Thalles Vale de Castro, Geovana RS Silva, and Edna Dias Canedo. 2022. Ensuring privacy in the application of the Brazilian general data protection law (LGPD). In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing. ACM, Salamanca, Spain, 1228–1235.
DevMedia. 2024. ORM (Object-Relational Mapper). Disponível em: [link]. Acesso em: 10 de maio de 2024.
Anirudh Ekambaranathan, Jun Zhao, and George Chalhoub. 2023. Navigating the Data Avalanche: Towards Supporting Developers in Developing Privacy-Friendly Children’s Apps. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 7, 2 (2023), 1–24.
European Parliament and Council of the European Union. 2016. Regulation (EU) 2016/679 of the European Parliament and the Council (General Data Protection Regulation). Disponível em: [link]. [link] Acesso em: 24 de abril de 2024.
Fang He. 2023. Implementation of Secure Login and Access Methods for Web Frontend. In 2023 International Conference on Applied Intelligence and Sustainable Computing (ICAISC). IEEE, IEEE, New York, NY, USA, 1–5.
Martti Jeenicke, Wolf-Gideon Bleek, and Ralf Klischewski. 2003. Revealing Web User Requirements through e-Prototyping.. In SEKE. Citeseer, Citeseer, San Francisco, USA, 9–16.
Michael Jones, John Bradley, and Nat Sakimura. 2015. Json web token (jwt). Technical Report. Internet Engineering Task Force (IETF).
A. Joshi, S. Kale, S. Chandel, and D. K. Pal. 2015. Likert Scale: Explored and Explained. Current Journal of Applied Science and Technology 7, 4 (2015), 396–403. DOI: 10.9734/BJAST/2015/14975 Acesso em: 26 de abril de 2024.
Altino Alves Júnior, Letícia de Souza Meireles, Lucas Alves Rossi Figueira, Vítor Marcondes Morais Carmo, Humberto T Marques-Neto, and Laerte Xavier. 2022. Entendendo o engajamento das comunidades front-end e back-end nos repositórios do GitHub. In Anais do X Workshop de Visualização, Evolução e Manutenção de Software. SBC, SBC, Virtual Event, 26–30.
Gursheen Kaur and Raj Gaurang Tiwari. 2023. Comparison and Analysis of Popular Frontend Frameworks and Libraries: An Evaluation of Parameters for Frontend Web Development. In 2023 4th International Conference on Electronics and Sustainable Communication Systems (ICESC). IEEE, IEEE, New York, NY, USA, 1067–1073.
R.A. Kemmerer. 2003. Cybersecurity. In 25th International Conference on Software Engineering, 2003. Proceedings. IEEE Computer Society, Portland, OR, USA, 705–715. DOI: 10.1109/ICSE.2003.1201257
Pedro Machado, Jéssyka Vilela, Mariana Peixoto, and Carla Silva. 2023. A systematic study on the impact of GDPR compliance on Organizations. In Proceedings of the XIX Brazilian Symposium on Information Systems. SBC, Maceió, Brazil, 435–442.
Rodrigo Machado, Diego Kreutz, Giulliano Paz, and Gustavo Rodrigues. 2019. Vazamentos de Dados: Histórico, Impacto Socioeconômico e as Novas Leis de Proteção de Dados. In Anais da XVII Escola Regional de Redes de Computadores (Alegrete). SBC, Porto Alegre, RS, Brasil, 154–159. DOI: 10.5753/errc.2019.9230
João Mendes, Davi Viana, and Luis Rivero. 2021. Developing an inspection checklist for the adequacy assessment of software systems to quality attributes of the brazilian general data protection law: An initial proposal. In Proceedings of the XXXV Brazilian Symposium on Software Engineering. ACM, Porto Alegre, RS, Brasil, 263–268.
João Pedro Marques Mendes. 2022. LGPD-CHECK: Um Checklist para Avaliação da Aderência de Sistemas Computacionais à Lei Geral de Proteção de Dados Brasileira. Master’s thesis. Universidade Federal do Maranhão.
Microsoft. 2012. TypeScript. Disponível em: [link]. Acesso em: 09 de maio de 2024.
Cornelia Mihaela Novac, Ovidiu Constantin Novac, Raluca Marina Sferle, Mircea Ioan Gordan, Gyöngyi Bujdosó, and Camelia Maria Dindelegan. 2021. Comparative study of some applications made in the Vue.js and React.js frameworks. In 2021 16th International Conference on Engineering of Modern Electric Systems (EMES). IEEE, Oradea, Romania, 1–4. DOI: 10.1109/EMES52337.2021.9484149
Fabrício Peloso Piurcosky, Marcelo Aparecido Costa, Rodrigo Franklin Frogeri, and Cristina Lelis Leal Calegario. 2019. A lei geral de proteção de dados pessoais em empresas brasileiras: uma análise de múltiplos casos. Suma de negocios 10, 23 (2019), 89–99.
Ivonildo Pereira, João Mendes, Davi Viana, Luis Rivero, Waldemar Ferreira, and Sergio Soares. 2022. Extending an LGPD Compliance Inspection Checklist to Assess IoT Solutions: An Initial Proposal. In Trilha da Indústria - Congresso Brasileiro de Software: Teoria e Prática (CBSOFT), 13. SBC, Uberlândia, Brazil, 28–31. DOI: 10.5753/cbsoft_estendido.2022.226679
José Maurício dos Santos Pinheiro. 2017. Ameaças e Ataques aos Sistemas de Informação: Prevenir e Antecipar. Cadernos UniFOA 3, 5 (mar. 2017), 11–21. DOI: 10.47385/cadunifoa.v3.n5.885
Patricia Peck Pinheiro. 2020. Proteção de dados pessoais: Comentários à lei n. 13.709/2018-lgpd. Saraiva Educação SA, Brasil.
Prisma Labs, Inc. 2024. Prisma. Disponível em: [link]. Acesso em: 10 de maio de 2024.
Render, Inc. Accessed 2024. Render - The Easiest Cloud For All Your Apps And Websites. Disponível em: [link]. [link] Acesso em: 15 de maio de 2024.
Cedric Ryngaert and Mistale Taylor. 2020. The GDPR as Global Data Protection Regulation? AJIL Unbound 114 (2020), 5–9. DOI: 10.1017/aju.2019.80
Pattaraporn Sangaroonsilp, Hoa Khanh Dam, Morakot Choetkiertikul, Chaiyong Ragkhitwetsagul, and Aditya Ghose. 2023. A taxonomy for mining and classifying privacy requirements in issue reports. Information and Software Technology 157 (2023), 107162.
Joshua D Scarsbrook, Mark Utting, and Ryan KL Ko. 2023. TypeScript’s Evolution: An Analysis of Feature Adoption Over Time. In 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR). IEEE, IEEE, Melbourne, Australia, 109–114.
Mojtaba Shahin, Muhammad Ali Babar, and Liming Zhu. 2017. Continuous integration, delivery and deployment: a systematic review on approaches, tools, challenges and practices. IEEE access 5 (2017), 3909–3943.
Jefferson Silva, Newton Calegari, and Eduardo Gomes. 2019. After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications. In Companion Proceedings of the 2019 World Wide Web Conference. ACM, New York, NY, USA, 819–822.
Sean Sirur, Jason RC Nurse, and Helena Webb. 2018. Are we there yet? Understanding the challenges faced in complying with the General Data Protection Regulation (GDPR). In Proceedings of the 2nd International Workshop on Multimedia Privacy and Security. ACM, Toronto, Canada, 88–95.
Vercel, Inc. Accessed 2024. Vercel - Develop. Preview. Ship. Disponível em: [link]. [link] Acesso em: 15 de maio de 2024.
Rishi Vyas. 2022. Comparative Analysis on Front-End Frameworks for Web Applications. International Journal for Research in Applied Science and Engineering Technology 10, 7 (2022), 298–307.
Stenly Ibrahim Adam, Jimmy H Moedjahedy, and Jeremiah Maramis. 2020. RESTful Web Service Implementation on Unklab Information System Using JSON Web Token (JWT). In 2020 2nd International Conference on Cybernetics and Intelligent System (ICORIS). IEEE, Makassar, Indonesia, 1–6. DOI: 10.1109/ICORIS50180.2020.9320801
Emerson O Batista. 2017. Sistemas de informação. Saraiva Educação SA, Sao Paulo, Brazil.
D. Baumer,W. Bischofberger, H. Lichter, and H. Zullighoven. 1996. User interface prototyping-concepts, tools, and experience. In Proceedings of IEEE 18th International Conference on Software Engineering. IEEE, Berlin, Germany, 532–541. DOI: 10.1109/ICSE.1996.493447
Chandradeep Bhatt, Divyanshu Tiwari, Deepika Dua, Shefali Gupta, and Teekam Singh. 2024. Elevating Online Retail: An In-Depth Look at the Implementation of React JS in Advanced E-commerce. In 2024 International Conference on Intelligent and Innovative Technologies in Computing, Electrical and Electronics (IITCEE). IEEE, New York, NY, USA, 1–4. DOI: 10.1109/IITCEE59897.2024.10467991
Brasil. 2018. Lei Geral de Proteção de Dados Pessoais (LGPD). Disponível em: [link]. [link] Acesso em: 24 de abril de 2024.
Augusto Campos. 2006. O que é software livre. Disponível em: [link]. Acesso em: 15 de maio de 2024.
Orlando Amaral Cejas, Muhammad Ilyas Azeem, Sallam Abualhaija, and Lionel C. Briand. 2023. NLP-Based Automated Compliance Checking of Data Processing Agreements Against GDPR. IEEE Transactions on Software Engineering 49, 9 (2023), 4282–4303. DOI: 10.1109/TSE.2023.3288901
Diego André Cerqueira, Rafael Maiani de Mello, and Guilherme Horta Travassos. 2023. Experimental Evaluation of a Checklist-Based Inspection Technique to Verify the Compliance of Software Systems with the Brazilian General Data Protection Law. arXiv:2308.14874 [cs.SE]
Edgar F Codd. 1990. The relational model for database management: version 2. Addison-Wesley Longman Publishing Co., Inc., MA, United States.
Valerio Cosentino, Javier L Cánovas Izquierdo, and Jordi Cabot. 2017. A systematic mapping study of software development with GitHub. Ieee access 5 (2017), 7173–7192.
Lorrie Faith Cranor. 1999. Internet privacy. Commun. ACM 42, 2 (feb 1999), 28–38. DOI: 10.1145/293411.293440
Evandro Thalles Vale de Castro, Geovana RS Silva, and Edna Dias Canedo. 2022. Ensuring privacy in the application of the Brazilian general data protection law (LGPD). In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing. ACM, Salamanca, Spain, 1228–1235.
DevMedia. 2024. ORM (Object-Relational Mapper). Disponível em: [link]. Acesso em: 10 de maio de 2024.
Anirudh Ekambaranathan, Jun Zhao, and George Chalhoub. 2023. Navigating the Data Avalanche: Towards Supporting Developers in Developing Privacy-Friendly Children’s Apps. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 7, 2 (2023), 1–24.
European Parliament and Council of the European Union. 2016. Regulation (EU) 2016/679 of the European Parliament and the Council (General Data Protection Regulation). Disponível em: [link]. [link] Acesso em: 24 de abril de 2024.
Fang He. 2023. Implementation of Secure Login and Access Methods for Web Frontend. In 2023 International Conference on Applied Intelligence and Sustainable Computing (ICAISC). IEEE, IEEE, New York, NY, USA, 1–5.
Martti Jeenicke, Wolf-Gideon Bleek, and Ralf Klischewski. 2003. Revealing Web User Requirements through e-Prototyping.. In SEKE. Citeseer, Citeseer, San Francisco, USA, 9–16.
Michael Jones, John Bradley, and Nat Sakimura. 2015. Json web token (jwt). Technical Report. Internet Engineering Task Force (IETF).
A. Joshi, S. Kale, S. Chandel, and D. K. Pal. 2015. Likert Scale: Explored and Explained. Current Journal of Applied Science and Technology 7, 4 (2015), 396–403. DOI: 10.9734/BJAST/2015/14975 Acesso em: 26 de abril de 2024.
Altino Alves Júnior, Letícia de Souza Meireles, Lucas Alves Rossi Figueira, Vítor Marcondes Morais Carmo, Humberto T Marques-Neto, and Laerte Xavier. 2022. Entendendo o engajamento das comunidades front-end e back-end nos repositórios do GitHub. In Anais do X Workshop de Visualização, Evolução e Manutenção de Software. SBC, SBC, Virtual Event, 26–30.
Gursheen Kaur and Raj Gaurang Tiwari. 2023. Comparison and Analysis of Popular Frontend Frameworks and Libraries: An Evaluation of Parameters for Frontend Web Development. In 2023 4th International Conference on Electronics and Sustainable Communication Systems (ICESC). IEEE, IEEE, New York, NY, USA, 1067–1073.
R.A. Kemmerer. 2003. Cybersecurity. In 25th International Conference on Software Engineering, 2003. Proceedings. IEEE Computer Society, Portland, OR, USA, 705–715. DOI: 10.1109/ICSE.2003.1201257
Pedro Machado, Jéssyka Vilela, Mariana Peixoto, and Carla Silva. 2023. A systematic study on the impact of GDPR compliance on Organizations. In Proceedings of the XIX Brazilian Symposium on Information Systems. SBC, Maceió, Brazil, 435–442.
Rodrigo Machado, Diego Kreutz, Giulliano Paz, and Gustavo Rodrigues. 2019. Vazamentos de Dados: Histórico, Impacto Socioeconômico e as Novas Leis de Proteção de Dados. In Anais da XVII Escola Regional de Redes de Computadores (Alegrete). SBC, Porto Alegre, RS, Brasil, 154–159. DOI: 10.5753/errc.2019.9230
João Mendes, Davi Viana, and Luis Rivero. 2021. Developing an inspection checklist for the adequacy assessment of software systems to quality attributes of the brazilian general data protection law: An initial proposal. In Proceedings of the XXXV Brazilian Symposium on Software Engineering. ACM, Porto Alegre, RS, Brasil, 263–268.
João Pedro Marques Mendes. 2022. LGPD-CHECK: Um Checklist para Avaliação da Aderência de Sistemas Computacionais à Lei Geral de Proteção de Dados Brasileira. Master’s thesis. Universidade Federal do Maranhão.
Microsoft. 2012. TypeScript. Disponível em: [link]. Acesso em: 09 de maio de 2024.
Cornelia Mihaela Novac, Ovidiu Constantin Novac, Raluca Marina Sferle, Mircea Ioan Gordan, Gyöngyi Bujdosó, and Camelia Maria Dindelegan. 2021. Comparative study of some applications made in the Vue.js and React.js frameworks. In 2021 16th International Conference on Engineering of Modern Electric Systems (EMES). IEEE, Oradea, Romania, 1–4. DOI: 10.1109/EMES52337.2021.9484149
Fabrício Peloso Piurcosky, Marcelo Aparecido Costa, Rodrigo Franklin Frogeri, and Cristina Lelis Leal Calegario. 2019. A lei geral de proteção de dados pessoais em empresas brasileiras: uma análise de múltiplos casos. Suma de negocios 10, 23 (2019), 89–99.
Ivonildo Pereira, João Mendes, Davi Viana, Luis Rivero, Waldemar Ferreira, and Sergio Soares. 2022. Extending an LGPD Compliance Inspection Checklist to Assess IoT Solutions: An Initial Proposal. In Trilha da Indústria - Congresso Brasileiro de Software: Teoria e Prática (CBSOFT), 13. SBC, Uberlândia, Brazil, 28–31. DOI: 10.5753/cbsoft_estendido.2022.226679
José Maurício dos Santos Pinheiro. 2017. Ameaças e Ataques aos Sistemas de Informação: Prevenir e Antecipar. Cadernos UniFOA 3, 5 (mar. 2017), 11–21. DOI: 10.47385/cadunifoa.v3.n5.885
Patricia Peck Pinheiro. 2020. Proteção de dados pessoais: Comentários à lei n. 13.709/2018-lgpd. Saraiva Educação SA, Brasil.
Prisma Labs, Inc. 2024. Prisma. Disponível em: [link]. Acesso em: 10 de maio de 2024.
Render, Inc. Accessed 2024. Render - The Easiest Cloud For All Your Apps And Websites. Disponível em: [link]. [link] Acesso em: 15 de maio de 2024.
Cedric Ryngaert and Mistale Taylor. 2020. The GDPR as Global Data Protection Regulation? AJIL Unbound 114 (2020), 5–9. DOI: 10.1017/aju.2019.80
Pattaraporn Sangaroonsilp, Hoa Khanh Dam, Morakot Choetkiertikul, Chaiyong Ragkhitwetsagul, and Aditya Ghose. 2023. A taxonomy for mining and classifying privacy requirements in issue reports. Information and Software Technology 157 (2023), 107162.
Joshua D Scarsbrook, Mark Utting, and Ryan KL Ko. 2023. TypeScript’s Evolution: An Analysis of Feature Adoption Over Time. In 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR). IEEE, IEEE, Melbourne, Australia, 109–114.
Mojtaba Shahin, Muhammad Ali Babar, and Liming Zhu. 2017. Continuous integration, delivery and deployment: a systematic review on approaches, tools, challenges and practices. IEEE access 5 (2017), 3909–3943.
Jefferson Silva, Newton Calegari, and Eduardo Gomes. 2019. After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications. In Companion Proceedings of the 2019 World Wide Web Conference. ACM, New York, NY, USA, 819–822.
Sean Sirur, Jason RC Nurse, and Helena Webb. 2018. Are we there yet? Understanding the challenges faced in complying with the General Data Protection Regulation (GDPR). In Proceedings of the 2nd International Workshop on Multimedia Privacy and Security. ACM, Toronto, Canada, 88–95.
Vercel, Inc. Accessed 2024. Vercel - Develop. Preview. Ship. Disponível em: [link]. [link] Acesso em: 15 de maio de 2024.
Rishi Vyas. 2022. Comparative Analysis on Front-End Frameworks for Web Applications. International Journal for Research in Applied Science and Engineering Technology 10, 7 (2022), 298–307.
Publicado
30/09/2024
Como Citar
FREJ, Matheus; PEREIRA, Ivonildo; FERREIRA, Waldemar; SOARES, Sergio.
Um sistema web para auxiliar soluções na conformidade com a LGPD. In: SIMPÓSIO BRASILEIRO DE ENGENHARIA DE SOFTWARE (SBES), 38. , 2024, Curitiba/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 704-710.
DOI: https://doi.org/10.5753/sbes.2024.3558.
