CPC G06F 21/6218 (2013.01) [G06F 16/2423 (2019.01); G06F 16/24534 (2019.01); G06F 21/31 (2013.01); G06F 21/602 (2013.01)] | 18 Claims
1. A method for data processing at a database system comprising a database proxy and a database, the method comprising:
receiving, at the database proxy, a query associated with a user and comprising an indication of data associated with the database, wherein the query further comprises privacy metadata indicating a data processing activity for using the data;
identifying a data processing permit stored for the database system that supports both the query and at least a subset of the data indicated by the query based at least in part on the data processing permit indicating a legitimizing reason for the user to access at least the subset of the data for use in the data processing activity;
transforming, at the database proxy, the query based at least in part on an encryption schema of the database; and
executing, at the database, the transformed query based at least in part on identifying the data processing permit, wherein executing the transformed query comprises:
filtering out a first subset of data fields from a data column of the database based at least in part on a hidden column of the database indicating row-level consent for the data column, the hidden column failing to support direct querying of values stored in the hidden column; and
determining a query result for the transformed query based at least in part on the filtering.
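The steps of claim 1, sketched as an added example that is not taken from the patent or from any product. The table layout, the permit store keyed by (role, activity), the HMAC tokens standing in for the encryption schema, and the `CASE` expression used for consent filtering are all assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3

KEY = b"constructed-demo-key"               # constructed; not a real key
ENCRYPTION_SCHEMA = {"email": "email_enc"}  # logical column -> stored token column
CONSENT = {"phone": "_consent_phone"}       # data column -> hidden consent column
# Assumed permit store: (user role, processing activity) -> columns it legitimizes
PERMITS = {("support_agent", "order_support"): {"name", "phone", "email"}}

def token(value):  # deterministic, so equality predicates still match stored data
    return hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers "
               "(name TEXT, phone TEXT, email_enc TEXT, _consent_phone INTEGER)")
    rows = [("Ada", "555-0100", "ada@example.test", 1),   # constructed rows
            ("Bob", "555-0101", "bob@example.test", 0)]
    db.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)",
                   [(n, p, token(e), c) for n, p, e, c in rows])
    return db

def run_query(db, role, activity, columns, where=None):
    requested = set(columns) | ({where[0]} if where else set())
    # Hidden consent columns are never directly queryable.
    if requested & set(CONSENT.values()):
        raise PermissionError("hidden column cannot be queried directly")
    # Find a permit for this user and activity; keep only the subset it supports.
    permitted = PERMITS.get((role, activity))
    if permitted is None or (where and where[0] not in permitted):
        raise PermissionError("no data processing permit supports this query")
    cols = [c for c in columns if c in permitted]
    if not cols:
        raise PermissionError("permit covers none of the requested columns")
    # Names come from the permit allowlist, so interpolating them is safe.
    # Consent-gated fields become NULL in rows whose hidden flag is not set.
    select = ", ".join(
        f"CASE WHEN {CONSENT[c]} = 1 THEN {c} END AS {c}" if c in CONSENT
        else f"{ENCRYPTION_SCHEMA.get(c, c)} AS {c}" for c in cols)
    sql, params = f"SELECT {select} FROM customers", []
    if where:  # transform the predicate according to the encryption schema
        col, val = where
        if col in ENCRYPTION_SCHEMA:
            col, val = ENCRYPTION_SCHEMA[col], token(val)
        sql += f" WHERE {col} = ?"
        params.append(val)
    return db.execute(sql + " ORDER BY rowid", params).fetchall()
```
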