Table 5. Subset of OCL rules derived from GDPR.
| Attributes | Value |
|---|---|
| Rule GDPR-1 | upDate_destinantion_machines_comply_with_GDPR |
| Severity | ERROR |
| Context | upDate |
| Specification | `self.machines -> forAll(m \| m.GDPRCompliance=true)` |
| Rule GDPR-2 | allowed_access_purpose |
| Severity | ERROR |
| Context | StickyPolicy |
| Specification | `self.accessHistory-> forAll(his \| his.purpose-> forAll(p \| self.purpose->includes(p)))` |
| Rule GDPR-3 | tp_in_history_given_permissions |
| Severity | ERROR |
| Context | AccessLog |
| Specification | `self.accessHistory -> forAll( his \| AccessLog.allInstances -> exists( log \| log.tp = his.tp and log.action = his.actionPerformed))` |
| Rule GDPR-4 | log_access_match_sp_access |
| Severity | ERROR |
| Context | AccessLog |
| Specification | `AccessLog.allInstances() -> forAll(log \| log.sp.accessHistory -> exists(access \| access.tp = log.tp and access.actionPerformed=log.action))` |
| Rule GDPR-5 | no_access_permission_given_without_user_consent |
| Severity | ERROR |
| Context | permission |
| Specification | `permission.allInstances() -> forAll(ok.allInstances() -> exists(okmsg\|self.purpose -> forAll(p \| okmsg.purpose -> includes(p)) and okmsg.permissionType = self.permissionType) and consentInfo.allInstances() -> exists(consentmsg \| self.purpose -> forAll( p \| consentmsg.purpose->includes(p)) and consentmsg.action = self.permissionType and consentmsg.tp = StatelessAppCTP.allInstances()-> select(tp \| tp.base_Lifeline.coveredBy -> includes(self.base_Message.receiveEvent))))` |
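
To show what rules GDPR-2, GDPR-3 and GDPR-4 accept and reject, the following added example (not code from the paper) evaluates them in Python over a small constructed model. Attribute names are taken from the OCL in Table 5; the class layout, the `sample` data and the choice to evaluate GDPR-3 per sticky policy are assumptions.

```python
from dataclasses import dataclass, field
# Assumed model: attribute names are from Table 5; the class layout is assumed.

@dataclass
class Access:                      # one entry of StickyPolicy.accessHistory
    tp: str
    actionPerformed: str
    purpose: frozenset

@dataclass
class StickyPolicy:
    purpose: frozenset
    accessHistory: list = field(default_factory=list)

@dataclass
class AccessLog:
    tp: str
    action: str
    sp: StickyPolicy

def gdpr_2(sp):
    """allowed_access_purpose: every purpose in the history is allowed by the policy."""
    return all(p in sp.purpose for his in sp.accessHistory for p in his.purpose)

def gdpr_3(sp, logs):
    """tp_in_history_given_permissions, evaluated per sticky policy (assumption)."""
    return all(any(log.tp == his.tp and log.action == his.actionPerformed for log in logs)
               for his in sp.accessHistory)

def gdpr_4(logs):
    """log_access_match_sp_access: every log record has a matching history entry."""
    return all(any(a.tp == log.tp and a.actionPerformed == log.action
                   for a in log.sp.accessHistory) for log in logs)

def validate(sp, logs):
    """Return the ids of violated rules, all at severity ERROR as in the table."""
    checks = {"GDPR-2": gdpr_2(sp), "GDPR-3": gdpr_3(sp, logs), "GDPR-4": gdpr_4(logs)}
    return [rule for rule, ok in checks.items() if not ok]

# Constructed sample data (not from the paper).
def sample(extra_purpose=False, unlogged=False, ghost_log=False):
    sp = StickyPolicy(frozenset({"billing", "support"}),
                      [Access("tp-A", "read", frozenset({"billing"}))])
    logs = [AccessLog("tp-A", "read", sp)]
    if extra_purpose:   # history entry used data for a purpose outside the policy
        sp.accessHistory[0] = Access("tp-A", "read", frozenset({"marketing"}))
    if unlogged:        # access recorded in the policy but missing from the log
        sp.accessHistory.append(Access("tp-B", "update", frozenset({"support"})))
    if ghost_log:       # log record with no matching history entry
        logs.append(AccessLog("tp-C", "read", sp))
    return sp, logs
```

GDPR-3 and GDPR-4 are converses: the first catches an access that the policy records but the log does not, the second catches a log record with no corresponding access in the policy.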