Enhancing LGPD Compliance: A Specialized Checklist and Implementation Templates for Governmental Software Systems
| Year of defense: | 2025 |
|---|---|
| Main author: | NEITZKE, Christiano Anderson |
| Advisor: | VIANA, Davi |
| Defense committee: | VIANA, Davi; TEIXEIRA, Mario; RIVERO, Luis; FONTÃO, Awdren |
| Document type: | Dissertation |
| Access type: | Open access |
| Language: | por |
| Defending institution: | Universidade Federal do Maranhão |
| Graduate program: | PROGRAMA DE PÓS-GRADUAÇÃO EM CIÊNCIA DA COMPUTAÇÃO/CCET |
| Department: | DEPARTAMENTO DE INFORMÁTICA/CCET |
| Country: | Brazil |
| Keywords in Portuguese: | inspection checklist; General Data Protection Law; LGPD |
| Keywords in English: | inspection checklist; General Data Protection Law; LGPD |
| CNPq knowledge area: | Sistemas de Computação |
| Access link: | https://tedebc.ufma.br/jspui/handle/tede/6113 |
Abstract: The Brazilian General Data Protection Law (LGPD) establishes guidelines for handling personal data. However, understanding and implementing the LGPD presents significant challenges for requirements analysts, particularly in identifying and operationalizing privacy requirements. This master’s thesis adapts, evaluates, and enhances the LGPD-Check checklist for use in public organizations. LGPD-Check is a method designed to assess software systems’ compliance with LGPD-mandated quality attributes, covering categories such as data transparency, user consent, user rights, data security, and controller responsibility. We improved the checklist by incorporating specific requirements demanded by the Federal Court of Accounts (TCU) and applied it within a government organization to assess its effectiveness. Our case study involved eight IT professionals. Results indicated that the checklist effectively supports the detection of defects in software systems and has led to significant enhancements of LGPD-Check. In addition to updating items and recommendations, we developed templates to assist inspectors in using the checklist. These templates provide guidance on addressing non-compliance issues and implementing improvements in the evaluated systems. Subsequently, we applied LGPD-Check to two real systems from a federal academic institution, which allowed us to discuss the benefits, challenges, and necessary refinements related to the recommendations and templates. Our findings revealed that 57.4% of the evaluated items did not meet legal standards, indicating substantial gaps in data protection processes and practices. Feedback from the focus group suggested that the revised checklist and templates help identify software compliance issues with the LGPD. Despite some limitations, such as the need for further studies to generalize the results and explore applications in other domains, our work contributes to enhancing LGPD compliance in software systems, particularly within the public sector.
| id | UFMA_250cdacd8d46cdf2f0207616dc009c14 |
|---|---|
| oai_identifier_str | oai:tede2:tede/6113 |
| network_acronym_str | UFMA |
| network_name_str | Biblioteca Digital de Teses e Dissertações da UFMA |
| dc.title.por.fl_str_mv | Enhancing LGPD Compliance: A Specialized Checklist and Implementation Templates for Governmental Software Systems |
| dc.title.alternative.por.fl_str_mv | Aprimorando a Conformidade com a LGPD: Uma Lista de Verificação Especializada e Modelos de Implementação para Sistemas de Software Governamentais |
| author | NEITZKE, Christiano Anderson |
| dc.contributor.advisor1.fl_str_mv | VIANA, Davi |
| dc.contributor.advisor1Lattes.fl_str_mv | http://lattes.cnpq.br/9297257833779277 |
| dc.contributor.advisor-co1.fl_str_mv | TEIXEIRA, Mario |
| dc.contributor.advisor-co1Lattes.fl_str_mv | http://lattes.cnpq.br/9943003955628885 |
| dc.contributor.referee1.fl_str_mv | VIANA, Davi |
| dc.contributor.referee2.fl_str_mv | TEIXEIRA, Mario |
| dc.contributor.referee3.fl_str_mv | RIVERO, Luis |
| dc.contributor.referee4.fl_str_mv | FONTÃO, Awdren |
| dc.subject.por.fl_str_mv | inspection checklist; General Data Protection Law; LGPD |
| dc.subject.eng.fl_str_mv | inspection checklist; General Data Protection Law; LGPD |
| dc.subject.cnpq.fl_str_mv | Sistemas de Computação |
| dc.date.accessioned.fl_str_mv | 2025-04-23T14:24:38Z |
| dc.date.issued.fl_str_mv | 2025-02-21 |
| dc.type.status.fl_str_mv | info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv | info:eu-repo/semantics/masterThesis |
| dc.identifier.citation.fl_str_mv | NEITZKE, Christiano Anderson. Enhancing LGPD Compliance: A Specialized Checklist and Implementation Templates for Governmental Software Systems. 2025. 143 f. Dissertação (Programa de Pós-graduação em Ciência da Computação/CCET) - Universidade Federal do Maranhão, São Luís, 2025. |
| dc.identifier.uri.fl_str_mv | https://tedebc.ufma.br/jspui/handle/tede/6113 |
| dc.language.iso.fl_str_mv | por |
| dc.rights.driver.fl_str_mv | info:eu-repo/semantics/openAccess |
| dc.format.none.fl_str_mv | application/pdf |
| dc.publisher.none.fl_str_mv | Universidade Federal do Maranhão |
| dc.publisher.program.fl_str_mv | PROGRAMA DE PÓS-GRADUAÇÃO EM CIÊNCIA DA COMPUTAÇÃO/CCET |
| dc.publisher.initials.fl_str_mv | UFMA |
| dc.publisher.country.fl_str_mv | Brasil |
| dc.publisher.department.fl_str_mv | DEPARTAMENTO DE INFORMÁTICA/CCET |
| bitstream.url.fl_str_mv | http://tedebc.ufma.br:8080/bitstream/tede/6113/2/Christiano+Anderson+Neitzke.pdf http://tedebc.ufma.br:8080/bitstream/tede/6113/1/license.txt |
| bitstream.checksum.fl_str_mv | e81a245ae5a24b2f85713775c23f96ab 97eeade1fce43278e63fe063657f8083 |
| bitstream.checksumAlgorithm.fl_str_mv | MD5 MD5 |
| repository.name.fl_str_mv | Biblioteca Digital de Teses e Dissertações da UFMA - Universidade Federal do Maranhão (UFMA) |
| repository.mail.fl_str_mv | repositorio@ufma.br |