Practical Regulatory Compliance in Database Systems

Student thesis: Master's thesis and HD graduation project

  • Alexander Mundbjerg Nykjær
  • Ane Søgaard Jørgensen
  • Jakob Sønderby Kristensen
4th semester, Software, Master's (Master's programme)
The General Data Protection Regulation (GDPR), which came into effect in 2018, regulates the processing of personal data. As a result, companies have had to rework their approach to processing personal data. Understanding of, and compliance with, GDPR remain a problem in 2023.

This project analyses GDPR and existing work to determine the effect it has on database systems and proposes five requirements for a system that can help companies make their existing database systems GDPR compliant. A tool, called Data Protection Compliance Tool (DPCT), that satisfies four of these requirements is then proposed. DPCT enables its users to register metadata and vacuuming policies needed to document that personal data is being processed for legitimate and specific purposes, can be associated with a natural person, and is deleted when it is no longer being processed for a valid purpose.

A prototype of DPCT is implemented and is evaluated using a database for a fictional web shop storing personal data about customers. Finally, extensions to DPCT are presented that provide additional GDPR support.
Language: English
Publication date: 15 Jun. 2023
Number of pages: 62
Keywords: GDPR, Database
ID: 534898398