A master thesis from Aalborg University
Practical Regulatory Compliance in Database Systems
Term
4. term
Education
Publication year
2023
Submitted on
2023-06-15
Pages
62 pages
Abstract
The General Data Protection Regulation (GDPR), which came into effect in 2018, regulates the processing of personal data. This meant that companies have had to rework their approach to processing personal data. Understanding of, and compliance with, GDPR remains a problem in 2023. This project analyses GDPR and existing work to determine the effect it has on database systems and proposes five requirements for a system that can help companies make their existing database systems GDPR compliant. A tool, called Data Protection Compliance Tool (DPCT), that satisfies four of these requirements is then proposed. DPCT enables its users to register metadata and vacuuming policies needed to document that personal data is being processed for legitimate and specific purposes, can be associated with a natural person, and is deleted when it is no longer being processed for a valid purpose. A prototype of DPCT is implemented and is evaluated using a database for a fictional web shop storing personal data about customers. Finally, extensions to DPCT are presented that provide additional GDPR support.
Documents
Colophon: This page is part of the AAU Student Projects portal, which is run by Aalborg University. Here, you can find and download publicly available bachelor's theses and master's projects from across the university dating from 2008 onwards. Student projects from before 2008 are available in printed form at Aalborg University Library.
If you have any questions about AAU Student Projects or the research registration, dissemination and analysis at Aalborg University, please feel free to contact the VBN team. You can also find more information in the AAU Student Projects FAQs.