The implementation of the GDPR that aims at protecting European citizens’ privacy is still a real challenge. In particular, in Big Data systems where data are voluminous and heterogeneous, it is hard to track data evolution through its complex life cycle ranging from collection, ingestion, storage and analytics. In this context, from 2016 to 2021 research has been conducted and several security tools designed. However, they are either specific to particular applications or address partially the regulation articles. To identify the covered parts, the missed ones and the necessary metrics for comparing different works, we propose a framework for GDPR compliance. The framework identifies the main components for the regulation implementation by mapping requirements aligned with GDPR’s provisions to IT design requirements. Based on this framework, we compare the main GDPR solutions in the Big Data domain and we propose a guideline for GDPR verification and implementation in Big Data systems.

旨在保护欧洲公民隐私的 GDPR 的实施仍然是一个真正的挑战。特别是在数据庞大且异构的大数据系统中，很难通过其从收集、摄取、存储和分析的复杂生命周期跟踪数据演变。在此背景下，从 2016 年到 2021 年进行了研究并设计了多种安全工具。但是，它们要么特定于特定应用程序，要么部分解决法规条款。为了确定涵盖的部分、遗漏的部分以及比较不同作品的必要指标，我们提出了一个 GDPR 合规性框架。该框架通过将符合 GDPR 规定的要求映射到 IT 设计要求来确定法规实施的主要组成部分。基于这个框架，