Algorithm 1 GDPR-based ACP Derivation

1:input:$ConsJF$ 2:output:$GACP$ 3:$GACP\leftarrow \left\{\right\}$ 4:$ConsJFAsPOJO\leftarrow JasonManager.parse\left(ConsJF\right)$ 5:$cID\leftarrow ConsJFAsPOJO.getCID\left(\right)$ 6:if$ConsJFAsPOJO.isActive\left(\right)$then 7:  if $PolicyManager.isAlreadyGiven\left(cID\right)$ then 8:    $PolicyManager.DenyAllPolicy\left(cID\right)$ 9:  end if 10:  Foreach $p_j\in ConsJFAsPOJO$ do 11:    $ACR\leftarrow PolicyManager.CreateACPS(p_i,cID)$ 12:    $GACP.add\left(ACR\right)$ 13:  end for 14:else if !$ConsJFAsPOJO.isActive\left(\right)$ then 15:  $PolicyManager.DenyAllPolicy\left(cID\right)$ 16:end if 17:return$GACP$

▹ Consent as Json File ▹ GDPR-based ACP expressed in XACML               ▹ For each Purpose ▹ Create a specific rule ▹ Add the rule to the current policy         ▹ Return the GDPR-based ACP related with the consent