aorist_core/compliance/
mod.rs

/* Follows the Record of Processing Activities prescribed by the CNIL (cnil.fr).
See: https://www.cnil.fr/en/record-processing-activities */
3use crate::concept::{AoristRef, WrappedConcept};
4use aorist_concept::{aorist, Constrainable};
5use aorist_primitives::{AoristConcept, ConceptEnum};
6use derivative::Derivative;
7use aorist_paste::paste;
8use serde::{Deserialize, Serialize};
9use std::fmt::Debug;
10use uuid::Uuid;
11
/// Contact record for one party named in a GDPR record of processing.
///
/// `GDPRProcessorRecord` uses this type for its controller, data protection
/// officer, representative and joint controllers.
///
/// Every field is a free-form `String`: the derived `Deserialize` accepts any
/// text, and nothing in this type validates the e-mail address, phone number,
/// postcode or country.
///
/// Privacy note: these fields are contact details, and the derived `Debug`
/// prints all of them. Formatting a value with `{:?}` (directly or through a
/// containing type) copies them into whatever log or error output receives
/// the resulting string.
#[cfg_attr(feature = "python", pyo3::prelude::pyclass)]
#[derive(PartialEq, Debug, Eq, Clone, Hash, Serialize, Deserialize)]
pub struct GDPRStakeholder {
    // All fields are private; no constructor or accessor is visible in this
    // part of the file.
    name: String,
    street_address: String,
    postcode: String,
    city: String,
    country: String,
    phone_number: String,
    email: String,
    // Optional; presumably set when the stakeholder belongs to an outside
    // organization -- confirm against callers.
    external_organization_name: Option<String>,
}
24
/// One purpose for which personal data is processed.
///
/// Both the main purpose and the optional sub-purposes are free-form text;
/// the type places no constraint on their content.
#[cfg_attr(feature = "python", pyo3::prelude::pyclass)]
#[derive(PartialEq, Debug, Eq, Clone, Hash, Serialize, Deserialize)]
pub struct GDPRDataProcessingPurpose {
    main_purpose: String,
    // `None` and `Some(vec![])` are distinct values for equality and hashing.
    sub_purposes: Option<Vec<String>>,
}
31
/// Declares a public struct named `$name` for one category of personal data.
///
/// The generated struct always has a private `description: String` field,
/// followed by any extra `, field: Type` pairs given after the name. It
/// derives `Hash`, `PartialEq`, `Eq`, `Clone`, `Debug`, `Serialize` and
/// `Deserialize`, and carries the `pyclass` attribute when the `python`
/// feature is enabled.
///
/// `Serialize` and `Deserialize` are written unqualified, so both derives
/// must be in scope wherever the macro is invoked. Because of
/// `#[macro_export]`, that includes invocations from other crates.
#[macro_export]
macro_rules! gdpr_data_type {
    // `$name`, then zero or more `, field: Type` pairs.
    ($name:ident
     $(, $field: ident : $field_type: ty)*) => {
        #[cfg_attr(feature = "python", pyo3::prelude::pyclass)]
        #[derive(Hash, PartialEq, Eq, Clone, Debug, Serialize, Deserialize)]
        pub struct $name {
            // Free-form text; the only field every generated type shares.
            description: String,
            $(
                $field: $field_type,
            )*
        }
     };
}
46
// One struct per category of personal data. Each invocation passes only a
// name, so every generated struct holds just the `description` field.

gdpr_data_type! {PersonalIdentificationData}

gdpr_data_type! {PersonalLifeData}

gdpr_data_type! {EconomicSituationData}

gdpr_data_type! {TelecommunicationsData}

gdpr_data_type! {LocationData}

gdpr_data_type! {OfficialPersonalIdentifier}

// NOTE(review): the names from `RacialOrEthnicOrigin` through
// `SexLifeAndOrientationData` match the special categories of personal data
// in GDPR Art. 9(1), and `CriminalConvictionAndOffenceData` matches Art. 10.
// The generated types are structurally identical to the ones above, so any
// stricter handling of these categories has to be enforced by the code that
// consumes them -- confirm where that happens.

gdpr_data_type! {RacialOrEthnicOrigin}

gdpr_data_type! {PoliticalOpinions}

gdpr_data_type! {ReligionOrPhilosophicalBeliefs}

gdpr_data_type! {TradeUnionMembership}

gdpr_data_type! {GeneticData}

gdpr_data_type! {UniquelyIdentifyingBiometricData}

gdpr_data_type! {HealthData}

gdpr_data_type! {SexLifeAndOrientationData}

gdpr_data_type! {CriminalConvictionAndOffenceData}
76
/// Sum type over the personal-data category structs generated by
/// `gdpr_data_type!`: one variant per struct, each wrapping the struct of the
/// same name.
///
/// The enum does not mark which variants are special-category data; a
/// consumer that treats them differently has to match on the variant itself.
#[derive(PartialEq, Debug, Eq, Clone, Hash, Serialize, Deserialize)]
pub enum GDPRPersonalDataCategory {
    PersonalIdentificationData(PersonalIdentificationData),
    PersonalLifeData(PersonalLifeData),
    EconomicSituationData(EconomicSituationData),
    TelecommunicationsData(TelecommunicationsData),
    LocationData(LocationData),
    OfficialPersonalIdentifier(OfficialPersonalIdentifier),
    // NOTE(review): the variants from here through `SexLifeAndOrientationData`
    // carry the names of the GDPR Art. 9(1) special categories.
    RacialOrEthnicOrigin(RacialOrEthnicOrigin),
    PoliticalOpinions(PoliticalOpinions),
    ReligionOrPhilosophicalBeliefs(ReligionOrPhilosophicalBeliefs),
    TradeUnionMembership(TradeUnionMembership),
    GeneticData(GeneticData),
    UniquelyIdentifyingBiometricData(UniquelyIdentifyingBiometricData),
    HealthData(HealthData),
    SexLifeAndOrientationData(SexLifeAndOrientationData),
    // NOTE(review): corresponds by name to GDPR Art. 10 data.
    CriminalConvictionAndOffenceData(CriminalConvictionAndOffenceData),
}
95
/// Category of people whose data is processed.
///
/// Every variant wraps a free-form `String`. The code here does not say what
/// the string holds -- presumably a description of the group; confirm against
/// callers.
#[derive(PartialEq, Debug, Eq, Clone, Hash, Serialize, Deserialize)]
pub enum GDPRDataSubjectCategory {
    Employees(String),
    InternalServices(String),
    Customers(String),
    Suppliers(String),
    ServiceProviders(String),
    PotentialCustomers(String),
    Applicants(String),
    // Catch-all for groups not covered by the variants above.
    Other(String),
}
107
/// Category of recipient to which personal data is disclosed.
///
/// Every variant wraps a free-form `String`, presumably naming or describing
/// the recipient -- confirm against callers.
#[derive(PartialEq, Debug, Eq, Clone, Hash, Serialize, Deserialize)]
pub enum GDPRDataProcessingRecipient {
    InternalDepartment(String),
    Processor(String),
    // The payload is a plain string. The structured transfer details
    // (country code, guarantees) live in the separate
    // `GDPRThirdPartyCountryOrInternationalOrganizationTransferRecord` type,
    // which this variant does not reference.
    RecipientInThirdCountryOrInternationalOrganization(String),
    InstitutionalOrCommercialPartner(String),
    // Catch-all for recipients not covered by the variants above.
    Other(String),
}
116
/// One entry in the record of processing activities: who is responsible, why
/// the data is processed, which categories of data and data subjects are
/// involved, and who receives the data.
///
/// NOTE(review): the visible fields (controller, purposes, data subject
/// categories, recipients) resemble the controller's record of GDPR
/// Art. 30(1) rather than a processor's record, despite the type name. There
/// is also no field for retention periods, third-country transfers or
/// security measures, although types for the latter two exist in this file.
/// Confirm whether those are tracked elsewhere.
///
/// The derived `Debug` prints the nested `GDPRStakeholder` contact details
/// along with everything else, so `{:?}` output of a record should be treated
/// as containing personal data.
#[cfg_attr(feature = "python", pyo3::prelude::pyclass)]
#[derive(PartialEq, Debug, Eq, Clone, Hash, Serialize, Deserialize)]
pub struct GDPRProcessorRecord {
    unique_short_name: String,
    name_of_processing_operation: String,
    // Stored as a plain string; no date format is enforced by this type.
    processing_start_date: String,
    controller: GDPRStakeholder,
    data_protection_officer: GDPRStakeholder,
    representative: Option<GDPRStakeholder>,
    joint_controllers: Option<Vec<GDPRStakeholder>>,
    // The four lists below may be empty; the type does not require at least
    // one entry in any of them.
    data_processing_purposes: Vec<GDPRDataProcessingPurpose>,
    personal_data_categories_used: Vec<GDPRPersonalDataCategory>,
    data_subject_categories: Vec<GDPRDataSubjectCategory>,
    data_processing_recipients: Vec<GDPRDataProcessingRecipient>,
}
132
/// Free-text statement of the security measures applied to a processing
/// operation, grouped under seven headings.
///
/// Each heading is a list of strings and any of them may be empty, so a value
/// of this type records what was declared, not that a measure is in place.
///
/// NOTE(review): no other type visible in this file holds a value of this
/// struct -- confirm where it is attached to a processing record.
#[cfg_attr(feature = "python", pyo3::prelude::pyclass)]
#[derive(PartialEq, Debug, Eq, Clone, Hash, Serialize, Deserialize)]
pub struct GDPRSecurityMeasuresStatement {
    traceability: Vec<String>,
    software_protection: Vec<String>,
    data_backup: Vec<String>,
    data_encryption: Vec<String>,
    user_access_control: Vec<String>,
    control_of_processors: Vec<String>,
    other: Vec<String>,
}
144
/// Legal basis claimed for transferring personal data to a third country or
/// an international organization.
///
/// Every variant wraps a free-form `String`, presumably a reference to or
/// description of the supporting instrument -- confirm against callers.
#[derive(PartialEq, Debug, Eq, Clone, Hash, Serialize, Deserialize)]
pub enum GDPRDataTransferGuarantee {
    StandardContractualClauses(String),
    BindingCorporateRules(String),
    CountryProvidingAdequateLevelOfProtection(String),
    // NOTE(review): the EU-US Privacy Shield adequacy decision was
    // invalidated by the Court of Justice of the EU in July 2020 (Case
    // C-311/18, "Schrems II"). The variant is still accepted on
    // deserialization, so records that rely on it for a current transfer
    // should be flagged for review by whatever consumes this enum.
    PrivacyShield(String),
    CodeOfConduct(String),
    Certification(String),
    DerogationsPerArticle49GDPR(String),
}
155
/// Record of one transfer of personal data to a recipient in a third country
/// or to an international organization, with the guarantees relied on.
///
/// NOTE(review): no other type visible in this file holds a value of this
/// struct -- confirm where it is attached to a processing record.
#[cfg_attr(feature = "python", pyo3::prelude::pyclass)]
#[derive(PartialEq, Debug, Eq, Clone, Hash, Serialize, Deserialize)]
pub struct GDPRThirdPartyCountryOrInternationalOrganizationTransferRecord {
    recipient_organization_name: String,
    // NOTE(review): the name suggests a two-character ISO 3166 country code
    // (ISO 3166-1 alpha-2); ISO 3166-2 itself is the subdivision standard.
    // The value is an unvalidated `String` -- confirm the intended format.
    iso_3166_2c_country_code: String,
    // May be empty; the type does not require any guarantee to be listed.
    data_transfer_guarantees: Vec<GDPRDataTransferGuarantee>,
    // Stored as plain strings; nothing here checks that they are well-formed
    // links.
    links_to_relevant_documents: Option<Vec<String>>,
}
164
// Compliance metadata: a description, two flags stating whether the data
// concerns human subjects and whether it contains personally identifiable
// information, and an optional GDPR processing record.
//
// `#[aorist]` is an attribute macro imported from `aorist_concept`; its
// expansion is not visible here, so the final shape of this struct may differ
// from the fields listed.
//
// NOTE(review): in the visible declaration the flags and the record are
// independent. `contains_personally_identifiable_information` can be `true`
// while `gdpr_processor_record` is `None` -- confirm whether a constraint
// elsewhere ties them together.
#[aorist]
pub struct ComplianceConfig {
    description: String,
    data_about_human_subjects: bool,
    contains_personally_identifiable_information: bool,
    gdpr_processor_record: Option<GDPRProcessorRecord>,
}