@tantainnovative/ndpr-toolkit 1.0.10 → 2.1.1

package/dist/cross-border-BrIy1ieh.d.ts

@@ -0,0 +1,192 @@
+/**
+ * Cross-Border Data Transfer types aligned with NDPA 2023 Part VI (Sections 41-45)
+ * Personal data may only be transferred outside Nigeria under specific conditions
+ */
+/**
+ * Transfer mechanisms recognized under the NDPA
+ */
+type TransferMechanism = 'adequacy_decision' | 'standard_clauses' | 'binding_corporate_rules' | 'ndpc_authorization' | 'explicit_consent' | 'contract_performance' | 'public_interest' | 'legal_claims' | 'vital_interests';
+/**
+ * Adequacy status of a destination country
+ */
+type AdequacyStatus = 'adequate' | 'inadequate' | 'pending_review' | 'unknown';
+/**
+ * Represents a cross-border data transfer record
+ */
+interface CrossBorderTransfer {
+    /** Unique identifier */
+    id: string;
+    /** Destination country or territory */
+    destinationCountry: string;
+    /** ISO country code */
+    destinationCountryCode?: string;
+    /** Adequacy status of the destination */
+    adequacyStatus: AdequacyStatus;
+    /** The transfer mechanism being relied upon */
+    transferMechanism: TransferMechanism;
+    /** Categories of personal data being transferred */
+    dataCategories: string[];
+    /** Whether sensitive personal data is included */
+    includesSensitiveData: boolean;
+    /** Estimated number of data subjects whose data is transferred */
+    estimatedDataSubjects?: number;
+    /** Name of the recipient organization */
+    recipientOrganization: string;
+    /** Contact details of the recipient */
+    recipientContact: {
+        name: string;
+        email: string;
+        phone?: string;
+        address?: string;
+    };
+    /** Purpose of the data transfer */
+    purpose: string;
+    /** Safeguards in place to protect the data */
+    safeguards: string[];
+    /** Risk assessment summary */
+    riskAssessment: string;
+    /** Risk level of the transfer */
+    riskLevel: 'low' | 'medium' | 'high';
+    /** NDPC approval details (required for some transfer mechanisms) */
+    ndpcApproval?: {
+        required: boolean;
+        applied: boolean;
+        approved?: boolean;
+        referenceNumber?: string;
+        appliedAt?: number;
+        approvedAt?: number;
+    };
+    /** Whether a Transfer Impact Assessment has been conducted */
+    tiaCompleted: boolean;
+    /** Reference to the TIA document */
+    tiaReference?: string;
+    /** Frequency of the transfer */
+    frequency: 'one_time' | 'periodic' | 'continuous';
+    /** Start date of the transfer */
+    startDate: number;
+    /** End date of the transfer (if applicable) */
+    endDate?: number;
+    /** Status of the transfer */
+    status: 'active' | 'suspended' | 'terminated' | 'pending_approval';
+    /** Timestamp when the record was created */
+    createdAt: number;
+    /** Timestamp when the record was last updated */
+    updatedAt: number;
+    /** Next review date */
+    reviewDate?: number;
+}
+/**
+ * Transfer Impact Assessment (TIA) for cross-border transfers
+ */
+interface TransferImpactAssessment {
+    /** Unique identifier */
+    id: string;
+    /** ID of the associated cross-border transfer */
+    transferId: string;
+    /** Date the assessment was conducted */
+    assessmentDate: number;
+    /** Person who conducted the assessment */
+    assessor: {
+        name: string;
+        role: string;
+        email: string;
+    };
+    /** Analysis of the destination country's legal framework */
+    destinationLegalFramework: string;
+    /** Whether the destination has data protection legislation */
+    hasDataProtectionLaw: boolean;
+    /** Whether the destination has an independent supervisory authority */
+    hasIndependentAuthority: boolean;
+    /** Risk of government access to the data */
+    governmentAccessRisk: 'low' | 'medium' | 'high';
+    /** Overall assessment of data protection level */
+    dataProtectionLevel: 'adequate' | 'partially_adequate' | 'inadequate';
+    /** Supplementary measures to address gaps */
+    supplementaryMeasures: string[];
+    /** Technical measures (encryption, pseudonymization, etc.) */
+    technicalMeasures: string[];
+    /** Contractual measures */
+    contractualMeasures: string[];
+    /** Organizational measures */
+    organizationalMeasures: string[];
+    /** Overall conclusion */
+    conclusion: string;
+    /** Whether the transfer can proceed based on the assessment */
+    approved: boolean;
+    /** Conditions for the transfer (if approved with conditions) */
+    conditions?: string[];
+}
+/**
+ * Summary of cross-border transfer compliance
+ */
+interface CrossBorderSummary {
+    /** Total number of active transfers */
+    totalActiveTransfers: number;
+    /** Breakdown by transfer mechanism */
+    byMechanism: Record<TransferMechanism, number>;
+    /** Breakdown by adequacy status */
+    byAdequacy: Record<AdequacyStatus, number>;
+    /** Transfers pending NDPC approval */
+    pendingApproval: CrossBorderTransfer[];
+    /** Transfers due for review */
+    dueForReview: CrossBorderTransfer[];
+    /** Transfers missing TIA */
+    missingTIA: CrossBorderTransfer[];
+    /** High-risk transfers */
+    highRiskTransfers: CrossBorderTransfer[];
+    /** Last updated timestamp */
+    lastUpdated: number;
+}
+
+/**
+ * Validation result for a cross-border transfer
+ */
+interface TransferValidationResult {
+    isValid: boolean;
+    errors: string[];
+    warnings: string[];
+}
+/**
+ * Risk assessment result for a cross-border transfer
+ */
+interface TransferRiskResult {
+    riskLevel: 'low' | 'medium' | 'high';
+    riskScore: number;
+    factors: string[];
+    recommendations: string[];
+}
+/**
+ * Returns whether NDPC approval is required for a given transfer mechanism.
+ * Approval is required for standard contractual clauses (Section 42),
+ * binding corporate rules (Section 43), and specific NDPC authorization (Section 44).
+ *
+ * @param mechanism The transfer mechanism
+ * @returns Whether NDPC approval is required
+ */
+declare function isNDPCApprovalRequired(mechanism: TransferMechanism): boolean;
+/**
+ * Returns a human-readable description of a transfer mechanism with its NDPA section reference.
+ *
+ * @param mechanism The transfer mechanism
+ * @returns Description including the relevant NDPA section
+ */
+declare function getTransferMechanismDescription(mechanism: TransferMechanism): string;
+/**
+ * Validates a cross-border transfer record for completeness and compliance.
+ * Checks required fields, verifies that NDPC approval is documented when required,
+ * and ensures safeguards are in place.
+ *
+ * @param transfer The cross-border transfer to validate
+ * @returns Validation result with errors and warnings
+ */
+declare function validateTransfer(transfer: CrossBorderTransfer): TransferValidationResult;
+/**
+ * Performs a basic risk assessment of a cross-border transfer based on adequacy status,
+ * transfer mechanism, and data sensitivity.
+ *
+ * @param transfer The cross-border transfer to assess
+ * @returns Risk assessment result with score, factors, and recommendations
+ */
+declare function assessTransferRisk(transfer: CrossBorderTransfer): TransferRiskResult;
+
+export { type AdequacyStatus as A, type CrossBorderTransfer as C, type TransferMechanism as T, type TransferImpactAssessment as a, type CrossBorderSummary as b, assessTransferRisk as c, type TransferValidationResult as d, type TransferRiskResult as e, getTransferMechanismDescription as g, isNDPCApprovalRequired as i, validateTransfer as v };

package/dist/cross-border.d.mts

@@ -0,0 +1,58 @@
+import React from 'react';
+import { C as CrossBorderTransfer, b as CrossBorderSummary } from './cross-border-BrIy1ieh.mjs';
+export { A as AdequacyStatus, a as TransferImpactAssessment, T as TransferMechanism, e as TransferRiskResult, d as TransferValidationResult, c as assessTransferRisk, g as getTransferMechanismDescription, i as isNDPCApprovalRequired, v as validateTransfer } from './cross-border-BrIy1ieh.mjs';
+export { u as useCrossBorderTransfer } from './useCrossBorderTransfer-TVnY8_UX.mjs';
+
+interface CrossBorderTransferManagerProps {
+    /**
+     * List of cross-border transfers to display
+     */
+    transfers: CrossBorderTransfer[];
+    /**
+     * Callback when a new transfer is added
+     */
+    onAddTransfer?: (transfer: Omit<CrossBorderTransfer, 'id' | 'createdAt' | 'updatedAt'>) => void;
+    /**
+     * Callback when a transfer is updated
+     */
+    onUpdateTransfer?: (id: string, updates: Partial<CrossBorderTransfer>) => void;
+    /**
+     * Callback when a transfer is removed
+     */
+    onRemoveTransfer?: (id: string) => void;
+    /**
+     * Compliance summary data
+     */
+    summary?: CrossBorderSummary;
+    /**
+     * Title displayed on the manager
+     * @default "Cross-Border Data Transfer Manager"
+     */
+    title?: string;
+    /**
+     * Description text displayed on the manager
+     * @default "Manage and document cross-border personal data transfers in compliance with NDPA 2023 Part VI (Sections 41-45)."
+     */
+    description?: string;
+    /**
+     * Custom CSS class for the manager container
+     */
+    className?: string;
+    /**
+     * Custom CSS class for buttons
+     */
+    buttonClassName?: string;
+    /**
+     * Whether to show the compliance summary section
+     * @default true
+     */
+    showSummary?: boolean;
+    /**
+     * Whether to show the TIA section in the form
+     * @default true
+     */
+    showTIA?: boolean;
+}
+declare const CrossBorderTransferManager: React.FC<CrossBorderTransferManagerProps>;
+
+export { CrossBorderSummary, CrossBorderTransfer, CrossBorderTransferManager };

package/dist/cross-border.d.ts

@@ -0,0 +1,58 @@
+import React from 'react';
+import { C as CrossBorderTransfer, b as CrossBorderSummary } from './cross-border-BrIy1ieh.js';
+export { A as AdequacyStatus, a as TransferImpactAssessment, T as TransferMechanism, e as TransferRiskResult, d as TransferValidationResult, c as assessTransferRisk, g as getTransferMechanismDescription, i as isNDPCApprovalRequired, v as validateTransfer } from './cross-border-BrIy1ieh.js';
+export { u as useCrossBorderTransfer } from './useCrossBorderTransfer-D4FQYfFt.js';
+
+interface CrossBorderTransferManagerProps {
+    /**
+     * List of cross-border transfers to display
+     */
+    transfers: CrossBorderTransfer[];
+    /**
+     * Callback when a new transfer is added
+     */
+    onAddTransfer?: (transfer: Omit<CrossBorderTransfer, 'id' | 'createdAt' | 'updatedAt'>) => void;
+    /**
+     * Callback when a transfer is updated
+     */
+    onUpdateTransfer?: (id: string, updates: Partial<CrossBorderTransfer>) => void;
+    /**
+     * Callback when a transfer is removed
+     */
+    onRemoveTransfer?: (id: string) => void;
+    /**
+     * Compliance summary data
+     */
+    summary?: CrossBorderSummary;
+    /**
+     * Title displayed on the manager
+     * @default "Cross-Border Data Transfer Manager"
+     */
+    title?: string;
+    /**
+     * Description text displayed on the manager
+     * @default "Manage and document cross-border personal data transfers in compliance with NDPA 2023 Part VI (Sections 41-45)."
+     */
+    description?: string;
+    /**
+     * Custom CSS class for the manager container
+     */
+    className?: string;
+    /**
+     * Custom CSS class for buttons
+     */
+    buttonClassName?: string;
+    /**
+     * Whether to show the compliance summary section
+     * @default true
+     */
+    showSummary?: boolean;
+    /**
+     * Whether to show the TIA section in the form
+     * @default true
+     */
+    showTIA?: boolean;
+}
+declare const CrossBorderTransferManager: React.FC<CrossBorderTransferManagerProps>;
+
+export { CrossBorderSummary, CrossBorderTransfer, CrossBorderTransferManager };

package/dist/cross-border.js

@@ -0,0 +1,2 @@
+'use strict';var chunkAQEGDEQM_js=require('./chunk-AQEGDEQM.js'),chunk5ZBO2UPH_js=require('./chunk-5ZBO2UPH.js'),chunkIQF726GS_js=require('./chunk-IQF726GS.js');require('./chunk-MQFZHA2D.js');Object.defineProperty(exports,"CrossBorderTransferManager",{enumerable:true,get:function(){return chunkAQEGDEQM_js.a}});Object.defineProperty(exports,"useCrossBorderTransfer",{enumerable:true,get:function(){return chunk5ZBO2UPH_js.a}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkIQF726GS_js.d}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkIQF726GS_js.b}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkIQF726GS_js.a}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkIQF726GS_js.c}});//# sourceMappingURL=cross-border.js.map
+//# sourceMappingURL=cross-border.js.map

package/dist/cross-border.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"cross-border.js"}

package/dist/cross-border.mjs

@@ -0,0 +1,2 @@
+export{a as CrossBorderTransferManager}from'./chunk-2XHD22J7.mjs';export{a as useCrossBorderTransfer}from'./chunk-VMJBW3EF.mjs';export{d as assessTransferRisk,b as getTransferMechanismDescription,a as isNDPCApprovalRequired,c as validateTransfer}from'./chunk-QKK5S54L.mjs';import'./chunk-WWT2ZSNU.mjs';//# sourceMappingURL=cross-border.mjs.map
+//# sourceMappingURL=cross-border.mjs.map

package/dist/cross-border.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"cross-border.mjs"}

package/dist/dpia-B9ZZJG5a.d.mts

@@ -0,0 +1,15 @@
+import { b as DPIAResult } from './dpia-vWfE_9bO.mjs';
+
+/**
+ * Assesses the risk level of a DPIA based on the identified risks
+ * @param dpiaResult The DPIA result containing risks to assess
+ * @returns Assessment result with overall risk level and recommendations
+ */
+declare function assessDPIARisk(dpiaResult: DPIAResult): {
+    overallRiskLevel: 'low' | 'medium' | 'high' | 'critical';
+    requiresConsultation: boolean;
+    canProceed: boolean;
+    recommendations: string[];
+};
+
+export { assessDPIARisk as a };

package/dist/dpia-fdtTd2DI.d.ts

@@ -0,0 +1,15 @@
+import { b as DPIAResult } from './dpia-vWfE_9bO.js';
+
+/**
+ * Assesses the risk level of a DPIA based on the identified risks
+ * @param dpiaResult The DPIA result containing risks to assess
+ * @returns Assessment result with overall risk level and recommendations
+ */
+declare function assessDPIARisk(dpiaResult: DPIAResult): {
+    overallRiskLevel: 'low' | 'medium' | 'high' | 'critical';
+    requiresConsultation: boolean;
+    canProceed: boolean;
+    recommendations: string[];
+};
+
+export { assessDPIARisk as a };

package/dist/dpia-vWfE_9bO.d.mts

@@ -0,0 +1,137 @@
+/**
+ * Data Protection Impact Assessment types aligned with NDPA 2023 Sections 38-39
+ * A DPIA is required when processing is likely to result in high risk to data subjects
+ */
+/**
+ * Represents a question in the DPIA questionnaire
+ */
+interface DPIAQuestion {
+    /** Unique identifier for the question */
+    id: string;
+    /** The text of the question */
+    text: string;
+    /** Additional guidance for answering the question */
+    guidance?: string;
+    /** Type of input required for the answer */
+    type: 'text' | 'textarea' | 'select' | 'radio' | 'checkbox' | 'scale';
+    /** Options for select, radio, or checkbox questions */
+    options?: Array<{
+        value: string;
+        label: string;
+        riskLevel?: 'low' | 'medium' | 'high';
+    }>;
+    /** For scale questions, the minimum value */
+    minValue?: number;
+    /** For scale questions, the maximum value */
+    maxValue?: number;
+    /** For scale questions, labels for the scale points */
+    scaleLabels?: Record<number, string>;
+    /** Whether the question is required */
+    required: boolean;
+    /** Risk level associated with this question */
+    riskLevel?: 'low' | 'medium' | 'high';
+    /** Whether this question triggers additional questions based on the answer */
+    hasDependentQuestions?: boolean;
+    /** Conditions that determine when this question should be shown */
+    showWhen?: Array<{
+        questionId: string;
+        operator: 'equals' | 'contains' | 'greaterThan' | 'lessThan';
+        value: any;
+    }>;
+}
+/**
+ * Represents a section in the DPIA questionnaire
+ */
+interface DPIASection {
+    /** Unique identifier for the section */
+    id: string;
+    /** Title of the section */
+    title: string;
+    /** Description of the section */
+    description?: string;
+    /** Questions in this section */
+    questions: DPIAQuestion[];
+    /** Order of the section in the questionnaire */
+    order: number;
+}
+/**
+ * Represents a risk identified in the DPIA
+ */
+interface DPIARisk {
+    /** Unique identifier for the risk */
+    id: string;
+    /** Description of the risk */
+    description: string;
+    /** Likelihood of the risk occurring (1-5) */
+    likelihood: number;
+    /** Impact if the risk occurs (1-5) */
+    impact: number;
+    /** Overall risk score (likelihood * impact) */
+    score: number;
+    /** Risk level based on the score */
+    level: 'low' | 'medium' | 'high' | 'critical';
+    /** Measures to mitigate the risk */
+    mitigationMeasures?: string[];
+    /** Whether the risk has been mitigated */
+    mitigated: boolean;
+    /** Residual risk score after mitigation */
+    residualScore?: number;
+    /** Questions that identified this risk */
+    relatedQuestionIds: string[];
+}
+/**
+ * Represents the result of a completed DPIA
+ */
+interface DPIAResult {
+    /** Unique identifier for the DPIA */
+    id: string;
+    /** Title of the DPIA */
+    title: string;
+    /** Description of the processing activity being assessed */
+    processingDescription: string;
+    /** Timestamp when the DPIA was started */
+    startedAt: number;
+    /** Timestamp when the DPIA was completed */
+    completedAt?: number;
+    /** Person responsible for conducting the DPIA */
+    assessor: {
+        name: string;
+        role: string;
+        email: string;
+    };
+    /** Answers to all questions in the DPIA */
+    answers: Record<string, any>;
+    /** Risks identified in the DPIA */
+    risks: DPIARisk[];
+    /** Overall risk level of the processing activity */
+    overallRiskLevel: 'low' | 'medium' | 'high' | 'critical';
+    /** Whether the DPIA concluded that the processing can proceed */
+    canProceed: boolean;
+    /** Reasons why the processing can or cannot proceed */
+    conclusion: string;
+    /** Recommendations for the processing activity */
+    recommendations?: string[];
+    /** Next review date for the DPIA */
+    reviewDate?: number;
+    /** Version of the DPIA questionnaire used */
+    version: string;
+    /**
+     * Whether prior consultation with NDPC is required
+     * Per NDPA Section 39, consultation is required when DPIA indicates high residual risk
+     */
+    ndpcConsultationRequired?: boolean;
+    /** Date when NDPC consultation was initiated */
+    ndpcConsultationDate?: number;
+    /** Reference number from NDPC consultation */
+    ndpcConsultationReference?: string;
+    /**
+     * The lawful basis for the processing activity being assessed
+     */
+    lawfulBasis?: string;
+    /**
+     * Whether this DPIA involves cross-border data transfers
+     */
+    involvesCrossBorderTransfer?: boolean;
+}
+
+export type { DPIAQuestion as D, DPIASection as a, DPIAResult as b, DPIARisk as c };

package/dist/dpia-vWfE_9bO.d.ts

@@ -0,0 +1,137 @@
+/**
+ * Data Protection Impact Assessment types aligned with NDPA 2023 Sections 38-39
+ * A DPIA is required when processing is likely to result in high risk to data subjects
+ */
+/**
+ * Represents a question in the DPIA questionnaire
+ */
+interface DPIAQuestion {
+    /** Unique identifier for the question */
+    id: string;
+    /** The text of the question */
+    text: string;
+    /** Additional guidance for answering the question */
+    guidance?: string;
+    /** Type of input required for the answer */
+    type: 'text' | 'textarea' | 'select' | 'radio' | 'checkbox' | 'scale';
+    /** Options for select, radio, or checkbox questions */
+    options?: Array<{
+        value: string;
+        label: string;
+        riskLevel?: 'low' | 'medium' | 'high';
+    }>;
+    /** For scale questions, the minimum value */
+    minValue?: number;
+    /** For scale questions, the maximum value */
+    maxValue?: number;
+    /** For scale questions, labels for the scale points */
+    scaleLabels?: Record<number, string>;
+    /** Whether the question is required */
+    required: boolean;
+    /** Risk level associated with this question */
+    riskLevel?: 'low' | 'medium' | 'high';
+    /** Whether this question triggers additional questions based on the answer */
+    hasDependentQuestions?: boolean;
+    /** Conditions that determine when this question should be shown */
+    showWhen?: Array<{
+        questionId: string;
+        operator: 'equals' | 'contains' | 'greaterThan' | 'lessThan';
+        value: any;
+    }>;
+}
+/**
+ * Represents a section in the DPIA questionnaire
+ */
+interface DPIASection {
+    /** Unique identifier for the section */
+    id: string;
+    /** Title of the section */
+    title: string;
+    /** Description of the section */
+    description?: string;
+    /** Questions in this section */
+    questions: DPIAQuestion[];
+    /** Order of the section in the questionnaire */
+    order: number;
+}
+/**
+ * Represents a risk identified in the DPIA
+ */
+interface DPIARisk {
+    /** Unique identifier for the risk */
+    id: string;
+    /** Description of the risk */
+    description: string;
+    /** Likelihood of the risk occurring (1-5) */
+    likelihood: number;
+    /** Impact if the risk occurs (1-5) */
+    impact: number;
+    /** Overall risk score (likelihood * impact) */
+    score: number;
+    /** Risk level based on the score */
+    level: 'low' | 'medium' | 'high' | 'critical';
+    /** Measures to mitigate the risk */
+    mitigationMeasures?: string[];
+    /** Whether the risk has been mitigated */
+    mitigated: boolean;
+    /** Residual risk score after mitigation */
+    residualScore?: number;
+    /** Questions that identified this risk */
+    relatedQuestionIds: string[];
+}
+/**
+ * Represents the result of a completed DPIA
+ */
+interface DPIAResult {
+    /** Unique identifier for the DPIA */
+    id: string;
+    /** Title of the DPIA */
+    title: string;
+    /** Description of the processing activity being assessed */
+    processingDescription: string;
+    /** Timestamp when the DPIA was started */
+    startedAt: number;
+    /** Timestamp when the DPIA was completed */
+    completedAt?: number;
+    /** Person responsible for conducting the DPIA */
+    assessor: {
+        name: string;
+        role: string;
+        email: string;
+    };
+    /** Answers to all questions in the DPIA */
+    answers: Record<string, any>;
+    /** Risks identified in the DPIA */
+    risks: DPIARisk[];
+    /** Overall risk level of the processing activity */
+    overallRiskLevel: 'low' | 'medium' | 'high' | 'critical';
+    /** Whether the DPIA concluded that the processing can proceed */
+    canProceed: boolean;
+    /** Reasons why the processing can or cannot proceed */
+    conclusion: string;
+    /** Recommendations for the processing activity */
+    recommendations?: string[];
+    /** Next review date for the DPIA */
+    reviewDate?: number;
+    /** Version of the DPIA questionnaire used */
+    version: string;
+    /**
+     * Whether prior consultation with NDPC is required
+     * Per NDPA Section 39, consultation is required when DPIA indicates high residual risk
+     */
+    ndpcConsultationRequired?: boolean;
+    /** Date when NDPC consultation was initiated */
+    ndpcConsultationDate?: number;
+    /** Reference number from NDPC consultation */
+    ndpcConsultationReference?: string;
+    /**
+     * The lawful basis for the processing activity being assessed
+     */
+    lawfulBasis?: string;
+    /**
+     * Whether this DPIA involves cross-border data transfers
+     */
+    involvesCrossBorderTransfer?: boolean;
+}
+
+export type { DPIAQuestion as D, DPIASection as a, DPIAResult as b, DPIARisk as c };