@tantainnovative/ndpr-toolkit 3.5.1 → 3.6.0

package/dist/presets.d.ts

@@ -53,6 +53,44 @@ declare interface BreachFormSubmission {
     dataTypes: string[];
     /** Estimated number of affected data subjects */
     estimatedAffectedSubjects?: number;
+    /**
+     * Approximate number of personal data RECORDS concerned. Distinct from
+     * subject count (one subject may have many records). NDPA Section 40(2).
+     */
+    approximateRecordCount?: number;
+    /**
+     * Categories of data subjects affected (e.g. customers, employees, minors).
+     * NDPA Section 40(2).
+     */
+    dataSubjectCategories?: string[];
+    /** Whether sensitive personal data (NDPA Section 30) is involved */
+    involvesSensitiveData?: boolean;
+    /**
+     * Likely consequences of the breach for affected data subjects.
+     * Required content for the NDPC report and Section 40(3) communications.
+     */
+    likelyConsequences?: string;
+    /**
+     * Measures taken or proposed to mitigate adverse effects.
+     * NDPA Section 40(3).
+     */
+    mitigationMeasures?: string;
+    /**
+     * Data Protection Officer contact details (Section 32(3)(c) — DPO is the
+     * named NDPC contact). Falls back to organisation-level DPO if omitted.
+     */
+    dpoContact?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
+    /**
+     * Whether this is a phased / interim report submitted under Section 40(2)
+     * before complete information is available.
+     */
+    isPhasedReport?: boolean;
+    /** ID of the prior phased report this report supplements, if any. */
+    supplementsReportId?: string;
     /** Current status of the breach */
     status: 'ongoing' | 'contained' | 'resolved';
     /** Initial actions taken to address the breach */
@@ -321,6 +359,12 @@ declare interface DataCategory {
     selected: boolean;
 }
 
+/** A map of question IDs to their answer values */
+declare type DPIAAnswerMap = Record<string, DPIAAnswerValue>;
+
+/** Possible value types for a DPIA answer */
+declare type DPIAAnswerValue = string | number | boolean | string[];
+
 /**
  * Data Protection Impact Assessment types aligned with NDPA 2023 Sections 38-39
  * A DPIA is required when processing is likely to result in high risk to data subjects
@@ -517,6 +561,35 @@ export declare const NDPRComplianceDashboard: React__default.FC<NDPRDashboardPre
 
 export declare const NDPRConsent: React__default.FC<NDPRConsentProps>;
 
+/**
+ * UX copy overrides for the NDPRConsent preset. Pass any subset to
+ * replace the default text without dropping to the lower-level
+ * `<ConsentBanner>` API. Strings you omit fall back to the toolkit
+ * defaults (which already cite NDPA Section 26).
+ *
+ * @example
+ *   <NDPRConsent copy={{
+ *     title: 'Cookie preferences',
+ *     description: 'Acme uses cookies to keep you signed in and improve our store.',
+ *     acceptAll: 'Allow all',
+ *     rejectAll: 'Only essentials',
+ *   }} />
+ */
+declare interface NDPRConsentCopy {
+    /** Banner heading. Default: "We Value Your Privacy" */
+    title?: string;
+    /** Body paragraph under the heading. Default cites NDPA Section 26. */
+    description?: string;
+    /** Primary CTA — accepts all categories. Default: "Accept All" */
+    acceptAll?: string;
+    /** Secondary CTA — rejects all non-essential categories. Default: "Reject All" */
+    rejectAll?: string;
+    /** Tertiary CTA — opens the per-category controls. Default: "Customize" */
+    customize?: string;
+    /** Submit button on the per-category panel. Default: "Save Preferences" */
+    save?: string;
+}
+
 export declare interface NDPRConsentProps {
     extraOptions?: ConsentOption[];
     options?: ConsentOption[];
@@ -525,6 +598,11 @@ export declare interface NDPRConsentProps {
     classNames?: ConsentBannerClassNames;
     unstyled?: boolean;
     onSave?: (settings: ConsentSettings) => void;
+    /**
+     * UX copy overrides — see {@link NDPRConsentCopy}. Lets you brand the
+     * banner without dropping to the lower-level `<ConsentBanner>` API.
+     */
+    copy?: NDPRConsentCopy;
 }
 
 export declare const NDPRCrossBorder: React__default.FC<NDPRCrossBorderProps>;
@@ -574,10 +652,10 @@ export declare const NDPRDPIA: React__default.FC<NDPRDPIAProps>;
 
 export declare interface NDPRDPIAProps {
     sections?: DPIASection[];
-    adapter?: StorageAdapter<Record<string, any>>;
+    adapter?: StorageAdapter<DPIAAnswerMap>;
     classNames?: DPIAQuestionnaireClassNames;
     unstyled?: boolean;
-    onComplete?: (answers: Record<string, any>) => void;
+    onComplete?: (answers: DPIAAnswerMap) => void;
 }
 
 export declare const NDPRLawfulBasis: React__default.FC<NDPRLawfulBasisProps>;
@@ -615,6 +693,45 @@ export declare interface NDPRSubjectRightsProps {
     classNames?: DSRRequestFormClassNames;
     unstyled?: boolean;
     onSubmit?: (data: DSRFormSubmission) => void;
+    /**
+     * Public-form mode. Use when the form should submit to your existing
+     * backend workflow instead of being state-managed by an adapter.
+     *
+     * When `submitTo` is set:
+     * - the form does NOT require an `adapter`
+     * - on submit, the toolkit POSTs the JSON-serialised `DSRFormSubmission`
+     *   to this URL (with `Content-Type: application/json`)
+     * - your `onSubmit` callback still fires (after the POST resolves)
+     * - submit failures are surfaced via `onSubmitError`
+     *
+     * For more control over headers, credentials, or retry behaviour, build
+     * an `apiAdapter` (which now supports CSRF, retry, and error hooks in
+     * 3.6.0) and pass that as `adapter` instead. `submitTo` is the
+     * fire-and-forget shortcut for public forms.
+     *
+     * @example
+     *   <NDPRSubjectRights submitTo="/api/dsr" />
+     */
+    submitTo?: string;
+    /**
+     * Fetch options for the `submitTo` POST. Useful for adding `credentials`
+     * (cookies/auth), `X-CSRF-Token`, or any other header your backend
+     * requires. Ignored unless `submitTo` is set.
+     *
+     * @default { credentials: 'same-origin' }
+     */
+    submitOptions?: {
+        headers?: Record<string, string> | (() => Record<string, string>);
+        credentials?: RequestCredentials;
+    };
+    /**
+     * Called when a `submitTo` POST fails (network error or non-2xx
+     * response). Receives the underlying error or Response.
+     */
+    onSubmitError?: (ctx: {
+        error?: unknown;
+        response?: Response;
+    }) => void;
 }
 
 /**
@@ -913,7 +1030,9 @@ declare interface RequestType {
     /** Description of what this request type entails */
     description: string;
     /**
-     * NDPA section reference (e.g., "Section 30" for access requests)
+     * NDPA 2023 section reference for this right
+     * (e.g., "Section 34(1)(a)" for access, "Section 38" for portability).
+     * Used for display purposes only — verify the exact subsection with counsel.
      */
     ndpaSection?: string;
     /**
@@ -1009,8 +1128,11 @@ declare interface ThirdPartyProcessor {
 }
 
 /**
- * Cross-Border Data Transfer types aligned with NDPA 2023 Part VI (Sections 41-45)
- * Personal data may only be transferred outside Nigeria under specific conditions
+ * Cross-Border Data Transfer types aligned with NDPA 2023 Part VIII (Sections 41-43).
+ * Personal data may only be transferred outside Nigeria under the bases listed in
+ * Section 41(1), where Section 42 defines adequacy and Section 43 lists derogations.
+ *
+ * Note: These are guidance labels — not legal advice. Verify with your DPO or counsel.
  */
 /**
  * Transfer mechanisms recognized under the NDPA

package/dist/presets.js

@@ -1,3 +1,2 @@
 "use client";
-'use strict';var chunk3EGQWLJ6_js=require('./chunk-3EGQWLJ6.js'),chunkHGGLW5TE_js=require('./chunk-HGGLW5TE.js'),chunkLSNL4XR5_js=require('./chunk-LSNL4XR5.js'),chunkNQNFS3QI_js=require('./chunk-NQNFS3QI.js'),chunkXNSZ7KUH_js=require('./chunk-XNSZ7KUH.js');require('./chunk-ORFC66EA.js'),require('./chunk-Z73T6MWY.js'),require('./chunk-YPKUHSK4.js');var chunkS4GRSNB4_js=require('./chunk-S4GRSNB4.js');require('./chunk-CPK5D5FY.js'),require('./chunk-TDDAYVKK.js'),require('./chunk-C4YM4UMI.js'),require('./chunk-GOU6FU6Y.js');var chunkXIM7KMD6_js=require('./chunk-XIM7KMD6.js'),chunkZPKVLTSX_js=require('./chunk-ZPKVLTSX.js'),chunk5HL4UBFV_js=require('./chunk-5HL4UBFV.js'),chunkWTJGLNTB_js=require('./chunk-WTJGLNTB.js');require('./chunk-I54CDQGN.js'),require('./chunk-E64TU6IU.js'),require('./chunk-ELKB2AFZ.js');var chunkMQFZHA2D_js=require('./chunk-MQFZHA2D.js'),jsxRuntime=require('react/jsx-runtime'),react=require('react');var q=[{id:"essential",label:"Essential Cookies",description:"Required for basic site functionality. Cannot be disabled.",required:true,purpose:"Site operation"},{id:"analytics",label:"Analytics",description:"Help us understand how visitors use our site to improve the experience.",required:false,purpose:"Usage analytics"},{id:"marketing",label:"Marketing",description:"Used to deliver relevant advertisements and track campaign effectiveness.",required:false,purpose:"Targeted advertising"},{id:"preferences",label:"Preferences",description:"Remember your settings and preferences for a personalised experience.",required:false,purpose:"Personalisation"}],O=({extraOptions:d=[],options:t,adapter:p,position:l="bottom",classNames:s,unstyled:c,onSave:a})=>{let u=t!=null?t:[...q,...d];return jsxRuntime.jsx(chunkXIM7KMD6_js.a,{options:u,onSave:f=>{p&&p.save(f),a==null||a(f);},position:l,classNames:s,unstyled:c,manageStorage:!p})};var I=[{id:"access",name:"Access My Data",description:"Request a copy of your personal data held by us",ndpaSection:"Section 30",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"rectification",name:"Correct My Data",description:"Request corrections to inaccurate personal data",ndpaSection:"Section 31",estimatedCompletionTime:30,requiresAdditionalInfo:true,additionalFields:[{id:"correction_details",label:"What data needs to be corrected?",type:"textarea",required:true,placeholder:"Please describe the inaccurate data and what the correct information should be"}]},{id:"erasure",name:"Delete My Data",description:"Request deletion of your personal data",ndpaSection:"Section 32",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"portability",name:"Export My Data",description:"Receive your data in a portable format",ndpaSection:"Section 34",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"restrict",name:"Restrict Processing",description:"Request restriction of data processing",ndpaSection:"Section 33",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"object",name:"Object to Processing",description:"Object to processing of your personal data",ndpaSection:"Section 35",estimatedCompletionTime:30,requiresAdditionalInfo:false}],k=({requestTypes:d=I,adapter:t,classNames:p,unstyled:l,onSubmit:s=()=>{}})=>jsxRuntime.jsx(chunkZPKVLTSX_js.a,{requestTypes:d,onSubmit:a=>{t&&t.save(a),s(a);},classNames:p,unstyled:l});var _=[{id:"unauthorized_access",name:"Unauthorized Access",description:"Unauthorized access to personal data",defaultSeverity:"high"},{id:"data_loss",name:"Data Loss",description:"Loss of personal data",defaultSeverity:"high"},{id:"data_theft",name:"Data Theft",description:"Theft of personal data",defaultSeverity:"critical"},{id:"system_breach",name:"System Breach",description:"Breach of system containing personal data",defaultSeverity:"critical"},{id:"accidental_disclosure",name:"Accidental Disclosure",description:"Unintended disclosure of personal data",defaultSeverity:"medium"}],U=({categories:d=_,adapter:t,classNames:p,unstyled:l,onSubmit:s=()=>{}})=>jsxRuntime.jsx(chunkWTJGLNTB_js.a,{categories:d,onSubmit:a=>{t&&t.save(a),s(a);},classNames:p,unstyled:l});var E=d=>jsxRuntime.jsx(chunk3EGQWLJ6_js.a,chunkMQFZHA2D_js.a({},d));var Y=[{id:"project_overview",title:"Project Overview",description:"Provide basic details about the processing activity being assessed.",order:0,questions:[{id:"project_name",text:"What is the name of the project or processing activity?",type:"text",required:true},{id:"project_description",text:"Describe the nature and purpose of the processing.",guidance:"Include what personal data will be collected, why it is needed, and how it will be used.",type:"textarea",required:true},{id:"data_controller",text:"Who is the data controller responsible for this processing?",type:"text",required:true}]},{id:"necessity",title:"Necessity & Proportionality",description:"Assess whether the processing is necessary and proportionate to the purposes.",order:1,questions:[{id:"lawful_basis",text:"What is the lawful basis for processing under the NDPA 2023?",type:"select",required:true,options:[{value:"consent",label:"Consent (Section 25(1)(a))"},{value:"contract",label:"Contract (Section 25(1)(b))"},{value:"legal_obligation",label:"Legal Obligation (Section 25(1)(c))"},{value:"vital_interests",label:"Vital Interests (Section 25(1)(d))"},{value:"public_task",label:"Public Task (Section 25(1)(e))"},{value:"legitimate_interests",label:"Legitimate Interests (Section 25(1)(f))"}]},{id:"data_minimisation",text:"Is the processing limited to what is necessary for the specified purpose?",type:"radio",required:true,options:[{value:"yes",label:"Yes \u2014 only minimum data is collected",riskLevel:"low"},{value:"partial",label:"Partially \u2014 some additional data may be collected",riskLevel:"medium"},{value:"no",label:"No \u2014 more data is collected than strictly necessary",riskLevel:"high"}]}]},{id:"risk_identification",title:"Risk Identification",description:"Identify and assess risks to data subjects arising from the processing.",order:2,questions:[{id:"sensitive_data",text:"Does the processing involve sensitive personal data (e.g., health, biometric, financial, children's data)?",type:"radio",required:true,options:[{value:"no",label:"No sensitive data",riskLevel:"low"},{value:"yes_protected",label:"Yes, with appropriate safeguards",riskLevel:"medium"},{value:"yes_unprotected",label:"Yes, without adequate safeguards",riskLevel:"high"}]},{id:"scale",text:"What is the scale of processing?",type:"radio",required:true,options:[{value:"small",label:"Small scale (fewer than 1,000 individuals)",riskLevel:"low"},{value:"medium",label:"Medium scale (1,000 to 100,000 individuals)",riskLevel:"medium"},{value:"large",label:"Large scale (over 100,000 individuals)",riskLevel:"high"}]},{id:"cross_border",text:"Will data be transferred outside Nigeria?",type:"radio",required:true,options:[{value:"no",label:"No international transfers",riskLevel:"low"},{value:"adequate",label:"Yes, to countries with adequate protection",riskLevel:"medium"},{value:"inadequate",label:"Yes, to countries without adequate protection",riskLevel:"high"}]}]},{id:"mitigation",title:"Risk Mitigation & Measures",description:"Document the measures taken to address identified risks.",order:3,questions:[{id:"security_measures",text:"What technical and organisational security measures are in place?",guidance:"Include encryption, access controls, pseudonymisation, staff training, etc.",type:"textarea",required:true},{id:"retention_period",text:"What is the data retention period?",guidance:"Specify how long data will be kept and the criteria used to determine this.",type:"text",required:true},{id:"dpo_consulted",text:"Has the Data Protection Officer (DPO) been consulted on this assessment?",type:"radio",required:false,options:[{value:"yes",label:"Yes",riskLevel:"low"},{value:"no",label:"No",riskLevel:"medium"},{value:"na",label:"Not applicable \u2014 no DPO appointed",riskLevel:"medium"}]}]}],z=({sections:d=Y,adapter:t,classNames:p,unstyled:l,onComplete:s=()=>{}})=>{let[c,a]=react.useState({}),[u,y]=react.useState(0),f=(i,T)=>{a(B=>chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a({},B),{[i]:T}));},e=()=>{u<d.length-1?y(i=>i+1):(t&&t.save(c),s(c));},r=()=>{u>0&&y(i=>i-1);},o=Math.round((u+1)/d.length*100);return jsxRuntime.jsx(chunk5HL4UBFV_js.a,{sections:d,answers:c,onAnswerChange:f,currentSectionIndex:u,onNextSection:e,onPrevSection:r,progress:o,classNames:p,unstyled:l})};var H=({initialActivities:d=[],adapter:t,classNames:p,unstyled:l})=>{let[s,c]=react.useState(()=>{if(t){let e=t.load();if(e&&!(e instanceof Promise))return e}return d}),a=e=>{t&&t.save(e);};return jsxRuntime.jsx(chunkLSNL4XR5_js.a,{activities:s,onAddActivity:e=>{let r=Date.now(),o=chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a({},e),{id:`activity-${r}`,createdAt:r,updatedAt:r}),i=[...s,o];c(i),a(i);},onUpdateActivity:(e,r)=>{let o=s.map(i=>i.id===e?chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a(chunkMQFZHA2D_js.a({},i),r),{updatedAt:Date.now()}):i);c(o),a(o);},onArchiveActivity:e=>{let r=s.map(o=>o.id===e?chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a({},o),{status:"inactive",updatedAt:Date.now()}):o);c(r),a(r);},classNames:p,unstyled:l})};var V=({initialTransfers:d=[],adapter:t,classNames:p,unstyled:l})=>{let[s,c]=react.useState(()=>{if(t){let e=t.load();if(e&&!(e instanceof Promise))return e}return d}),a=e=>{t&&t.save(e);};return jsxRuntime.jsx(chunkNQNFS3QI_js.a,{transfers:s,onAddTransfer:e=>{let r=Date.now(),o=chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a({},e),{id:`transfer-${r}`,createdAt:r,updatedAt:r}),i=[...s,o];c(i),a(i);},onUpdateTransfer:(e,r)=>{let o=s.map(i=>i.id===e?chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a(chunkMQFZHA2D_js.a({},i),r),{updatedAt:Date.now()}):i);c(o),a(o);},onRemoveTransfer:e=>{let r=s.filter(o=>o.id!==e);c(r),a(r);},classNames:p,unstyled:l})};var Z={id:"ndpr-ropa-default",organizationName:"Your Organisation",organizationContact:"",organizationAddress:"",records:[],lastUpdated:Date.now(),version:"1.0"},ee=({initialData:d,adapter:t,classNames:p,unstyled:l})=>{let[s,c]=react.useState(d!=null?d:Z);react.useEffect(()=>{if(!t)return;let e=false;return chunkMQFZHA2D_js.d(null,null,function*(){let o=yield t.load();!e&&o&&c(o);}),()=>{e=true;}},[t]);let a=e=>{t&&t.save(e);};return jsxRuntime.jsx(chunkXNSZ7KUH_js.a,{ropa:s,onAddRecord:e=>{let r=chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a({},s),{records:[...s.records,e],lastUpdated:Date.now()});c(r),a(r);},onUpdateRecord:(e,r)=>{let o=chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a({},s),{records:s.records.map(i=>i.id===e?chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a(chunkMQFZHA2D_js.a({},i),r),{updatedAt:Date.now()}):i),lastUpdated:Date.now()});c(o),a(o);},onArchiveRecord:e=>{let r=chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a({},s),{records:s.records.map(o=>o.id===e?chunkMQFZHA2D_js.b(chunkMQFZHA2D_js.a({},o),{status:"archived",updatedAt:Date.now()}):o),lastUpdated:Date.now()});c(r),a(r);},classNames:p,unstyled:l})};var re=p=>{var l=p,{input:d}=l,t=chunkMQFZHA2D_js.c(l,["input"]);let s=chunkS4GRSNB4_js.a(d);return jsxRuntime.jsx(chunkHGGLW5TE_js.a,chunkMQFZHA2D_js.a({report:s},t))};exports.NDPRBreachReport=U;exports.NDPRComplianceDashboard=re;exports.NDPRConsent=O;exports.NDPRCrossBorder=V;exports.NDPRDPIA=z;exports.NDPRLawfulBasis=H;exports.NDPRPrivacyPolicy=E;exports.NDPRROPA=ee;exports.NDPRSubjectRights=k;//# sourceMappingURL=presets.js.map
-//# sourceMappingURL=presets.js.map
+'use strict';var chunkW7RBGZCC_js=require('./chunk-W7RBGZCC.js');require('./chunk-I2LMQWK3.js');var chunkV3RYHNHN_js=require('./chunk-V3RYHNHN.js'),chunkRXZFYBUJ_js=require('./chunk-RXZFYBUJ.js'),chunkNUWVPRNI_js=require('./chunk-NUWVPRNI.js'),chunkPZRQWPWD_js=require('./chunk-PZRQWPWD.js'),chunkI3Y4LOSL_js=require('./chunk-I3Y4LOSL.js'),chunk5GVMKUMP_js=require('./chunk-5GVMKUMP.js');require('./chunk-UI536RU2.js'),require('./chunk-N3MQQUQP.js');var chunkQPRYXVH2_js=require('./chunk-QPRYXVH2.js');require('./chunk-Q64735OC.js'),require('./chunk-WZYCBW2R.js'),require('./chunk-YFBDJ4FH.js'),require('./chunk-4CVBQC66.js'),require('./chunk-732C2EVN.js'),require('./chunk-L2VO3MEJ.js'),require('./chunk-W47OSMT6.js');var chunkWDDCKYWA_js=require('./chunk-WDDCKYWA.js'),chunkS6COXIZA_js=require('./chunk-S6COXIZA.js');require('./chunk-UXUMYP4L.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-AME4HJR4.js'),require('./chunk-VWED6UTN.js');var chunkRFPLZDIO_js=require('./chunk-RFPLZDIO.js'),jsxRuntime=require('react/jsx-runtime'),react=require('react');var L=[{id:"unauthorized_access",name:"Unauthorized Access",description:"Unauthorized access to personal data",defaultSeverity:"high"},{id:"data_loss",name:"Data Loss",description:"Loss of personal data",defaultSeverity:"high"},{id:"data_theft",name:"Data Theft",description:"Theft of personal data",defaultSeverity:"critical"},{id:"system_breach",name:"System Breach",description:"Breach of system containing personal data",defaultSeverity:"critical"},{id:"accidental_disclosure",name:"Accidental Disclosure",description:"Unintended disclosure of personal data",defaultSeverity:"medium"}],I=({categories:c=L,adapter:s,classNames:u,unstyled:p,onSubmit:o=()=>{}})=>jsxRuntime.jsx(chunkS6COXIZA_js.a,{categories:c,onSubmit:d=>{s&&s.save(d),o(d);},classNames:u,unstyled:p});var k=[{id:"project_overview",title:"Project Overview",description:"Provide basic details about the processing activity being assessed.",order:0,questions:[{id:"project_name",text:"What is the name of the project or processing activity?",type:"text",required:true},{id:"project_description",text:"Describe the nature and purpose of the processing.",guidance:"Include what personal data will be collected, why it is needed, and how it will be used.",type:"textarea",required:true},{id:"data_controller",text:"Who is the data controller responsible for this processing?",type:"text",required:true}]},{id:"necessity",title:"Necessity & Proportionality",description:"Assess whether the processing is necessary and proportionate to the purposes.",order:1,questions:[{id:"lawful_basis",text:"What is the lawful basis for processing under the NDPA 2023?",type:"select",required:true,options:[{value:"consent",label:"Consent (Section 25(1)(a))"},{value:"contract",label:"Contract (Section 25(1)(b))"},{value:"legal_obligation",label:"Legal Obligation (Section 25(1)(c))"},{value:"vital_interests",label:"Vital Interests (Section 25(1)(d))"},{value:"public_task",label:"Public Task (Section 25(1)(e))"},{value:"legitimate_interests",label:"Legitimate Interests (Section 25(1)(f))"}]},{id:"data_minimisation",text:"Is the processing limited to what is necessary for the specified purpose?",type:"radio",required:true,options:[{value:"yes",label:"Yes \u2014 only minimum data is collected",riskLevel:"low"},{value:"partial",label:"Partially \u2014 some additional data may be collected",riskLevel:"medium"},{value:"no",label:"No \u2014 more data is collected than strictly necessary",riskLevel:"high"}]}]},{id:"risk_identification",title:"Risk Identification",description:"Identify and assess risks to data subjects arising from the processing.",order:2,questions:[{id:"sensitive_data",text:"Does the processing involve sensitive personal data (e.g., health, biometric, financial, children's data)?",type:"radio",required:true,options:[{value:"no",label:"No sensitive data",riskLevel:"low"},{value:"yes_protected",label:"Yes, with appropriate safeguards",riskLevel:"medium"},{value:"yes_unprotected",label:"Yes, without adequate safeguards",riskLevel:"high"}]},{id:"scale",text:"What is the scale of processing?",type:"radio",required:true,options:[{value:"small",label:"Small scale (fewer than 1,000 individuals)",riskLevel:"low"},{value:"medium",label:"Medium scale (1,000 to 100,000 individuals)",riskLevel:"medium"},{value:"large",label:"Large scale (over 100,000 individuals)",riskLevel:"high"}]},{id:"cross_border",text:"Will data be transferred outside Nigeria?",type:"radio",required:true,options:[{value:"no",label:"No international transfers",riskLevel:"low"},{value:"adequate",label:"Yes, to countries with adequate protection",riskLevel:"medium"},{value:"inadequate",label:"Yes, to countries without adequate protection",riskLevel:"high"}]}]},{id:"mitigation",title:"Risk Mitigation & Measures",description:"Document the measures taken to address identified risks.",order:3,questions:[{id:"security_measures",text:"What technical and organisational security measures are in place?",guidance:"Include encryption, access controls, pseudonymisation, staff training, etc.",type:"textarea",required:true},{id:"retention_period",text:"What is the data retention period?",guidance:"Specify how long data will be kept and the criteria used to determine this.",type:"text",required:true},{id:"dpo_consulted",text:"Has the Data Protection Officer (DPO) been consulted on this assessment?",type:"radio",required:false,options:[{value:"yes",label:"Yes",riskLevel:"low"},{value:"no",label:"No",riskLevel:"medium"},{value:"na",label:"Not applicable \u2014 no DPO appointed",riskLevel:"medium"}]}]}],_=({sections:c=k,adapter:s,classNames:u,unstyled:p,onComplete:o=()=>{}})=>{let[n,d]=react.useState({}),[m,f]=react.useState(0),P=(a,C)=>{d(S=>chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},S),{[a]:C}));},e=()=>{m<c.length-1?f(a=>a+1):(s&&s.save(n),o(n));},t=()=>{m>0&&f(a=>a-1);},r=Math.round((m+1)/c.length*100);return jsxRuntime.jsx(chunkWDDCKYWA_js.a,{sections:c,answers:n,onAnswerChange:P,currentSectionIndex:m,onNextSection:e,onPrevSection:t,progress:r,classNames:u,unstyled:p})};var F=({initialActivities:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=react.useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsxRuntime.jsx(chunkPZRQWPWD_js.a,{activities:o,onAddActivity:e=>{let t=Date.now(),r=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},e),{id:`activity-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateActivity:(e,t)=>{let r=o.map(a=>a.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onArchiveActivity:e=>{let t=o.map(r=>r.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},r),{status:"inactive",updatedAt:Date.now()}):r);n(t),d(t);},classNames:u,unstyled:p})};var W=({initialTransfers:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=react.useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsxRuntime.jsx(chunkI3Y4LOSL_js.a,{transfers:o,onAddTransfer:e=>{let t=Date.now(),r=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},e),{id:`transfer-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateTransfer:(e,t)=>{let r=o.map(a=>a.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onRemoveTransfer:e=>{let t=o.filter(r=>r.id!==e);n(t),d(t);},classNames:u,unstyled:p})};var j={id:"ndpr-ropa-default",organizationName:"Your Organisation",organizationContact:"",organizationAddress:"",records:[],lastUpdated:Date.now(),version:"1.0"},V=({initialData:c,adapter:s,classNames:u,unstyled:p})=>{let[o,n]=react.useState(c!=null?c:j);react.useEffect(()=>{if(!s)return;let e=false;return chunkRFPLZDIO_js.d(null,null,function*(){let r=yield s.load();!e&&r&&n(r);}),()=>{e=true;}},[s]);let d=e=>{s&&s.save(e);};return jsxRuntime.jsx(chunk5GVMKUMP_js.a,{ropa:o,onAddRecord:e=>{let t=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},o),{records:[...o.records,e],lastUpdated:Date.now()});n(t),d(t);},onUpdateRecord:(e,t)=>{let r=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},o),{records:o.records.map(a=>a.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},a),t),{updatedAt:Date.now()}):a),lastUpdated:Date.now()});n(r),d(r);},onArchiveRecord:e=>{let t=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},o),{records:o.records.map(r=>r.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},r),{status:"archived",updatedAt:Date.now()}):r),lastUpdated:Date.now()});n(t),d(t);},classNames:u,unstyled:p})};var G=u=>{var p=u,{input:c}=p,s=chunkRFPLZDIO_js.c(p,["input"]);let o=chunkQPRYXVH2_js.a(c);return jsxRuntime.jsx(chunkNUWVPRNI_js.a,chunkRFPLZDIO_js.a({report:o},s))};Object.defineProperty(exports,"NDPRPrivacyPolicy",{enumerable:true,get:function(){return chunkW7RBGZCC_js.a}});Object.defineProperty(exports,"NDPRConsent",{enumerable:true,get:function(){return chunkV3RYHNHN_js.a}});Object.defineProperty(exports,"NDPRSubjectRights",{enumerable:true,get:function(){return chunkRXZFYBUJ_js.a}});exports.NDPRBreachReport=I;exports.NDPRComplianceDashboard=G;exports.NDPRCrossBorder=W;exports.NDPRDPIA=_;exports.NDPRLawfulBasis=F;exports.NDPRROPA=V;

package/dist/presets.mjs

@@ -1,3 +1,2 @@
 "use client";
-import {a as a$3}from'./chunk-ID2NYIVE.mjs';import {a as a$a}from'./chunk-RRVKUCFR.mjs';import {a as a$6}from'./chunk-CISJAQ6W.mjs';import {a as a$7}from'./chunk-SYMQJO2W.mjs';import {a as a$8}from'./chunk-QSVVAZVT.mjs';import'./chunk-F5TXUA4O.mjs';import'./chunk-JFFOPHU3.mjs';import'./chunk-I557S566.mjs';import {a as a$9}from'./chunk-ABDB7LEV.mjs';import'./chunk-GRLIPT5V.mjs';import'./chunk-TXBZPCGF.mjs';import'./chunk-75TJPK2N.mjs';import'./chunk-SHMJNRHO.mjs';import {a}from'./chunk-GN5C32JB.mjs';import {a as a$1}from'./chunk-6HZL2WDU.mjs';import {a as a$5}from'./chunk-LJNNPAFU.mjs';import {a as a$2}from'./chunk-KF3EFJEF.mjs';import'./chunk-GKKAK6ES.mjs';import'./chunk-AYKLAEOU.mjs';import'./chunk-6WIP33TW.mjs';import {a as a$4,b,d,c}from'./chunk-WWT2ZSNU.mjs';import {jsx}from'react/jsx-runtime';import {useState,useEffect}from'react';var q=[{id:"essential",label:"Essential Cookies",description:"Required for basic site functionality. Cannot be disabled.",required:true,purpose:"Site operation"},{id:"analytics",label:"Analytics",description:"Help us understand how visitors use our site to improve the experience.",required:false,purpose:"Usage analytics"},{id:"marketing",label:"Marketing",description:"Used to deliver relevant advertisements and track campaign effectiveness.",required:false,purpose:"Targeted advertising"},{id:"preferences",label:"Preferences",description:"Remember your settings and preferences for a personalised experience.",required:false,purpose:"Personalisation"}],O=({extraOptions:d=[],options:t,adapter:p,position:l="bottom",classNames:s,unstyled:c,onSave:a$1})=>{let u=t!=null?t:[...q,...d];return jsx(a,{options:u,onSave:f=>{p&&p.save(f),a$1==null||a$1(f);},position:l,classNames:s,unstyled:c,manageStorage:!p})};var I=[{id:"access",name:"Access My Data",description:"Request a copy of your personal data held by us",ndpaSection:"Section 30",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"rectification",name:"Correct My Data",description:"Request corrections to inaccurate personal data",ndpaSection:"Section 31",estimatedCompletionTime:30,requiresAdditionalInfo:true,additionalFields:[{id:"correction_details",label:"What data needs to be corrected?",type:"textarea",required:true,placeholder:"Please describe the inaccurate data and what the correct information should be"}]},{id:"erasure",name:"Delete My Data",description:"Request deletion of your personal data",ndpaSection:"Section 32",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"portability",name:"Export My Data",description:"Receive your data in a portable format",ndpaSection:"Section 34",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"restrict",name:"Restrict Processing",description:"Request restriction of data processing",ndpaSection:"Section 33",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"object",name:"Object to Processing",description:"Object to processing of your personal data",ndpaSection:"Section 35",estimatedCompletionTime:30,requiresAdditionalInfo:false}],k=({requestTypes:d=I,adapter:t,classNames:p,unstyled:l,onSubmit:s=()=>{}})=>jsx(a$1,{requestTypes:d,onSubmit:a=>{t&&t.save(a),s(a);},classNames:p,unstyled:l});var _=[{id:"unauthorized_access",name:"Unauthorized Access",description:"Unauthorized access to personal data",defaultSeverity:"high"},{id:"data_loss",name:"Data Loss",description:"Loss of personal data",defaultSeverity:"high"},{id:"data_theft",name:"Data Theft",description:"Theft of personal data",defaultSeverity:"critical"},{id:"system_breach",name:"System Breach",description:"Breach of system containing personal data",defaultSeverity:"critical"},{id:"accidental_disclosure",name:"Accidental Disclosure",description:"Unintended disclosure of personal data",defaultSeverity:"medium"}],U=({categories:d=_,adapter:t,classNames:p,unstyled:l,onSubmit:s=()=>{}})=>jsx(a$2,{categories:d,onSubmit:a=>{t&&t.save(a),s(a);},classNames:p,unstyled:l});var E=d=>jsx(a$3,a$4({},d));var Y=[{id:"project_overview",title:"Project Overview",description:"Provide basic details about the processing activity being assessed.",order:0,questions:[{id:"project_name",text:"What is the name of the project or processing activity?",type:"text",required:true},{id:"project_description",text:"Describe the nature and purpose of the processing.",guidance:"Include what personal data will be collected, why it is needed, and how it will be used.",type:"textarea",required:true},{id:"data_controller",text:"Who is the data controller responsible for this processing?",type:"text",required:true}]},{id:"necessity",title:"Necessity & Proportionality",description:"Assess whether the processing is necessary and proportionate to the purposes.",order:1,questions:[{id:"lawful_basis",text:"What is the lawful basis for processing under the NDPA 2023?",type:"select",required:true,options:[{value:"consent",label:"Consent (Section 25(1)(a))"},{value:"contract",label:"Contract (Section 25(1)(b))"},{value:"legal_obligation",label:"Legal Obligation (Section 25(1)(c))"},{value:"vital_interests",label:"Vital Interests (Section 25(1)(d))"},{value:"public_task",label:"Public Task (Section 25(1)(e))"},{value:"legitimate_interests",label:"Legitimate Interests (Section 25(1)(f))"}]},{id:"data_minimisation",text:"Is the processing limited to what is necessary for the specified purpose?",type:"radio",required:true,options:[{value:"yes",label:"Yes \u2014 only minimum data is collected",riskLevel:"low"},{value:"partial",label:"Partially \u2014 some additional data may be collected",riskLevel:"medium"},{value:"no",label:"No \u2014 more data is collected than strictly necessary",riskLevel:"high"}]}]},{id:"risk_identification",title:"Risk Identification",description:"Identify and assess risks to data subjects arising from the processing.",order:2,questions:[{id:"sensitive_data",text:"Does the processing involve sensitive personal data (e.g., health, biometric, financial, children's data)?",type:"radio",required:true,options:[{value:"no",label:"No sensitive data",riskLevel:"low"},{value:"yes_protected",label:"Yes, with appropriate safeguards",riskLevel:"medium"},{value:"yes_unprotected",label:"Yes, without adequate safeguards",riskLevel:"high"}]},{id:"scale",text:"What is the scale of processing?",type:"radio",required:true,options:[{value:"small",label:"Small scale (fewer than 1,000 individuals)",riskLevel:"low"},{value:"medium",label:"Medium scale (1,000 to 100,000 individuals)",riskLevel:"medium"},{value:"large",label:"Large scale (over 100,000 individuals)",riskLevel:"high"}]},{id:"cross_border",text:"Will data be transferred outside Nigeria?",type:"radio",required:true,options:[{value:"no",label:"No international transfers",riskLevel:"low"},{value:"adequate",label:"Yes, to countries with adequate protection",riskLevel:"medium"},{value:"inadequate",label:"Yes, to countries without adequate protection",riskLevel:"high"}]}]},{id:"mitigation",title:"Risk Mitigation & Measures",description:"Document the measures taken to address identified risks.",order:3,questions:[{id:"security_measures",text:"What technical and organisational security measures are in place?",guidance:"Include encryption, access controls, pseudonymisation, staff training, etc.",type:"textarea",required:true},{id:"retention_period",text:"What is the data retention period?",guidance:"Specify how long data will be kept and the criteria used to determine this.",type:"text",required:true},{id:"dpo_consulted",text:"Has the Data Protection Officer (DPO) been consulted on this assessment?",type:"radio",required:false,options:[{value:"yes",label:"Yes",riskLevel:"low"},{value:"no",label:"No",riskLevel:"medium"},{value:"na",label:"Not applicable \u2014 no DPO appointed",riskLevel:"medium"}]}]}],z=({sections:d=Y,adapter:t,classNames:p,unstyled:l,onComplete:s=()=>{}})=>{let[c,a]=useState({}),[u,y]=useState(0),f=(i,T)=>{a(B=>b(a$4({},B),{[i]:T}));},e=()=>{u<d.length-1?y(i=>i+1):(t&&t.save(c),s(c));},r=()=>{u>0&&y(i=>i-1);},o=Math.round((u+1)/d.length*100);return jsx(a$5,{sections:d,answers:c,onAnswerChange:f,currentSectionIndex:u,onNextSection:e,onPrevSection:r,progress:o,classNames:p,unstyled:l})};var H=({initialActivities:d=[],adapter:t,classNames:p,unstyled:l})=>{let[s,c]=useState(()=>{if(t){let e=t.load();if(e&&!(e instanceof Promise))return e}return d}),a=e=>{t&&t.save(e);};return jsx(a$6,{activities:s,onAddActivity:e=>{let r=Date.now(),o=b(a$4({},e),{id:`activity-${r}`,createdAt:r,updatedAt:r}),i=[...s,o];c(i),a(i);},onUpdateActivity:(e,r)=>{let o=s.map(i=>i.id===e?b(a$4(a$4({},i),r),{updatedAt:Date.now()}):i);c(o),a(o);},onArchiveActivity:e=>{let r=s.map(o=>o.id===e?b(a$4({},o),{status:"inactive",updatedAt:Date.now()}):o);c(r),a(r);},classNames:p,unstyled:l})};var V=({initialTransfers:d=[],adapter:t,classNames:p,unstyled:l})=>{let[s,c]=useState(()=>{if(t){let e=t.load();if(e&&!(e instanceof Promise))return e}return d}),a=e=>{t&&t.save(e);};return jsx(a$7,{transfers:s,onAddTransfer:e=>{let r=Date.now(),o=b(a$4({},e),{id:`transfer-${r}`,createdAt:r,updatedAt:r}),i=[...s,o];c(i),a(i);},onUpdateTransfer:(e,r)=>{let o=s.map(i=>i.id===e?b(a$4(a$4({},i),r),{updatedAt:Date.now()}):i);c(o),a(o);},onRemoveTransfer:e=>{let r=s.filter(o=>o.id!==e);c(r),a(r);},classNames:p,unstyled:l})};var Z={id:"ndpr-ropa-default",organizationName:"Your Organisation",organizationContact:"",organizationAddress:"",records:[],lastUpdated:Date.now(),version:"1.0"},ee=({initialData:d$1,adapter:t,classNames:p,unstyled:l})=>{let[s,c]=useState(d$1!=null?d$1:Z);useEffect(()=>{if(!t)return;let e=false;return d(null,null,function*(){let o=yield t.load();!e&&o&&c(o);}),()=>{e=true;}},[t]);let a=e=>{t&&t.save(e);};return jsx(a$8,{ropa:s,onAddRecord:e=>{let r=b(a$4({},s),{records:[...s.records,e],lastUpdated:Date.now()});c(r),a(r);},onUpdateRecord:(e,r)=>{let o=b(a$4({},s),{records:s.records.map(i=>i.id===e?b(a$4(a$4({},i),r),{updatedAt:Date.now()}):i),lastUpdated:Date.now()});c(o),a(o);},onArchiveRecord:e=>{let r=b(a$4({},s),{records:s.records.map(o=>o.id===e?b(a$4({},o),{status:"archived",updatedAt:Date.now()}):o),lastUpdated:Date.now()});c(r),a(r);},classNames:p,unstyled:l})};var re=p=>{var l=p,{input:d}=l,t=c(l,["input"]);let s=a$9(d);return jsx(a$a,a$4({report:s},t))};export{U as NDPRBreachReport,re as NDPRComplianceDashboard,O as NDPRConsent,V as NDPRCrossBorder,z as NDPRDPIA,H as NDPRLawfulBasis,E as NDPRPrivacyPolicy,ee as NDPRROPA,k as NDPRSubjectRights};//# sourceMappingURL=presets.mjs.map
-//# sourceMappingURL=presets.mjs.map
+export{a as NDPRPrivacyPolicy}from'./chunk-RV2VMWZJ.mjs';import'./chunk-BNHQFZHL.mjs';export{a as NDPRConsent}from'./chunk-LTPSN2SU.mjs';export{a as NDPRSubjectRights}from'./chunk-SJRIOZ4K.mjs';import {a as a$7}from'./chunk-ZIZL37BG.mjs';import {a as a$2}from'./chunk-COD3RMTL.mjs';import {a as a$4}from'./chunk-GTYXVAJX.mjs';import {a as a$5}from'./chunk-EXEXUAF6.mjs';import'./chunk-O6CUBNXK.mjs';import'./chunk-AOHKVFAS.mjs';import {a as a$6}from'./chunk-EFIBHKQE.mjs';import'./chunk-RMQ7OLNY.mjs';import'./chunk-LWIKDDSU.mjs';import'./chunk-7BJXI2HI.mjs';import'./chunk-XP5PL6K7.mjs';import'./chunk-BFAX7JQA.mjs';import'./chunk-YTU4FNM2.mjs';import'./chunk-XJO4DH3L.mjs';import {a as a$1}from'./chunk-ZQZJNKVB.mjs';import {a}from'./chunk-ZHFLBL63.mjs';import'./chunk-EWVK45Z3.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-SFGW37LE.mjs';import'./chunk-DBZSN4WP.mjs';import {b,a as a$3,d,c}from'./chunk-ZJYULEER.mjs';import {jsx}from'react/jsx-runtime';import {useState,useEffect}from'react';var L=[{id:"unauthorized_access",name:"Unauthorized Access",description:"Unauthorized access to personal data",defaultSeverity:"high"},{id:"data_loss",name:"Data Loss",description:"Loss of personal data",defaultSeverity:"high"},{id:"data_theft",name:"Data Theft",description:"Theft of personal data",defaultSeverity:"critical"},{id:"system_breach",name:"System Breach",description:"Breach of system containing personal data",defaultSeverity:"critical"},{id:"accidental_disclosure",name:"Accidental Disclosure",description:"Unintended disclosure of personal data",defaultSeverity:"medium"}],I=({categories:c=L,adapter:s,classNames:u,unstyled:p,onSubmit:o=()=>{}})=>jsx(a,{categories:c,onSubmit:d=>{s&&s.save(d),o(d);},classNames:u,unstyled:p});var k=[{id:"project_overview",title:"Project Overview",description:"Provide basic details about the processing activity being assessed.",order:0,questions:[{id:"project_name",text:"What is the name of the project or processing activity?",type:"text",required:true},{id:"project_description",text:"Describe the nature and purpose of the processing.",guidance:"Include what personal data will be collected, why it is needed, and how it will be used.",type:"textarea",required:true},{id:"data_controller",text:"Who is the data controller responsible for this processing?",type:"text",required:true}]},{id:"necessity",title:"Necessity & Proportionality",description:"Assess whether the processing is necessary and proportionate to the purposes.",order:1,questions:[{id:"lawful_basis",text:"What is the lawful basis for processing under the NDPA 2023?",type:"select",required:true,options:[{value:"consent",label:"Consent (Section 25(1)(a))"},{value:"contract",label:"Contract (Section 25(1)(b))"},{value:"legal_obligation",label:"Legal Obligation (Section 25(1)(c))"},{value:"vital_interests",label:"Vital Interests (Section 25(1)(d))"},{value:"public_task",label:"Public Task (Section 25(1)(e))"},{value:"legitimate_interests",label:"Legitimate Interests (Section 25(1)(f))"}]},{id:"data_minimisation",text:"Is the processing limited to what is necessary for the specified purpose?",type:"radio",required:true,options:[{value:"yes",label:"Yes \u2014 only minimum data is collected",riskLevel:"low"},{value:"partial",label:"Partially \u2014 some additional data may be collected",riskLevel:"medium"},{value:"no",label:"No \u2014 more data is collected than strictly necessary",riskLevel:"high"}]}]},{id:"risk_identification",title:"Risk Identification",description:"Identify and assess risks to data subjects arising from the processing.",order:2,questions:[{id:"sensitive_data",text:"Does the processing involve sensitive personal data (e.g., health, biometric, financial, children's data)?",type:"radio",required:true,options:[{value:"no",label:"No sensitive data",riskLevel:"low"},{value:"yes_protected",label:"Yes, with appropriate safeguards",riskLevel:"medium"},{value:"yes_unprotected",label:"Yes, without adequate safeguards",riskLevel:"high"}]},{id:"scale",text:"What is the scale of processing?",type:"radio",required:true,options:[{value:"small",label:"Small scale (fewer than 1,000 individuals)",riskLevel:"low"},{value:"medium",label:"Medium scale (1,000 to 100,000 individuals)",riskLevel:"medium"},{value:"large",label:"Large scale (over 100,000 individuals)",riskLevel:"high"}]},{id:"cross_border",text:"Will data be transferred outside Nigeria?",type:"radio",required:true,options:[{value:"no",label:"No international transfers",riskLevel:"low"},{value:"adequate",label:"Yes, to countries with adequate protection",riskLevel:"medium"},{value:"inadequate",label:"Yes, to countries without adequate protection",riskLevel:"high"}]}]},{id:"mitigation",title:"Risk Mitigation & Measures",description:"Document the measures taken to address identified risks.",order:3,questions:[{id:"security_measures",text:"What technical and organisational security measures are in place?",guidance:"Include encryption, access controls, pseudonymisation, staff training, etc.",type:"textarea",required:true},{id:"retention_period",text:"What is the data retention period?",guidance:"Specify how long data will be kept and the criteria used to determine this.",type:"text",required:true},{id:"dpo_consulted",text:"Has the Data Protection Officer (DPO) been consulted on this assessment?",type:"radio",required:false,options:[{value:"yes",label:"Yes",riskLevel:"low"},{value:"no",label:"No",riskLevel:"medium"},{value:"na",label:"Not applicable \u2014 no DPO appointed",riskLevel:"medium"}]}]}],_=({sections:c=k,adapter:s,classNames:u,unstyled:p,onComplete:o=()=>{}})=>{let[n,d]=useState({}),[m,f]=useState(0),P=(a,C)=>{d(S=>b(a$3({},S),{[a]:C}));},e=()=>{m<c.length-1?f(a=>a+1):(s&&s.save(n),o(n));},t=()=>{m>0&&f(a=>a-1);},r=Math.round((m+1)/c.length*100);return jsx(a$1,{sections:c,answers:n,onAnswerChange:P,currentSectionIndex:m,onNextSection:e,onPrevSection:t,progress:r,classNames:u,unstyled:p})};var F=({initialActivities:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsx(a$2,{activities:o,onAddActivity:e=>{let t=Date.now(),r=b(a$3({},e),{id:`activity-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateActivity:(e,t)=>{let r=o.map(a=>a.id===e?b(a$3(a$3({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onArchiveActivity:e=>{let t=o.map(r=>r.id===e?b(a$3({},r),{status:"inactive",updatedAt:Date.now()}):r);n(t),d(t);},classNames:u,unstyled:p})};var W=({initialTransfers:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsx(a$4,{transfers:o,onAddTransfer:e=>{let t=Date.now(),r=b(a$3({},e),{id:`transfer-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateTransfer:(e,t)=>{let r=o.map(a=>a.id===e?b(a$3(a$3({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onRemoveTransfer:e=>{let t=o.filter(r=>r.id!==e);n(t),d(t);},classNames:u,unstyled:p})};var j={id:"ndpr-ropa-default",organizationName:"Your Organisation",organizationContact:"",organizationAddress:"",records:[],lastUpdated:Date.now(),version:"1.0"},V=({initialData:c,adapter:s,classNames:u,unstyled:p})=>{let[o,n]=useState(c!=null?c:j);useEffect(()=>{if(!s)return;let e=false;return d(null,null,function*(){let r=yield s.load();!e&&r&&n(r);}),()=>{e=true;}},[s]);let d$1=e=>{s&&s.save(e);};return jsx(a$5,{ropa:o,onAddRecord:e=>{let t=b(a$3({},o),{records:[...o.records,e],lastUpdated:Date.now()});n(t),d$1(t);},onUpdateRecord:(e,t)=>{let r=b(a$3({},o),{records:o.records.map(a=>a.id===e?b(a$3(a$3({},a),t),{updatedAt:Date.now()}):a),lastUpdated:Date.now()});n(r),d$1(r);},onArchiveRecord:e=>{let t=b(a$3({},o),{records:o.records.map(r=>r.id===e?b(a$3({},r),{status:"archived",updatedAt:Date.now()}):r),lastUpdated:Date.now()});n(t),d$1(t);},classNames:u,unstyled:p})};var G=u=>{var p=u,{input:c$1}=p,s=c(p,["input"]);let o=a$6(c$1);return jsx(a$7,a$3({report:o},s))};export{I as NDPRBreachReport,G as NDPRComplianceDashboard,W as NDPRCrossBorder,_ as NDPRDPIA,F as NDPRLawfulBasis,V as NDPRROPA};

package/dist/ropa.js

@@ -1,3 +1,2 @@
 "use client";
-'use strict';var chunkXNSZ7KUH_js=require('./chunk-XNSZ7KUH.js'),chunkM2TPT5GB_js=require('./chunk-M2TPT5GB.js'),chunkGOU6FU6Y_js=require('./chunk-GOU6FU6Y.js');require('./chunk-E64TU6IU.js'),require('./chunk-MQFZHA2D.js');var react=require('react'),jsxRuntime=require('react/jsx-runtime');var p=react.createContext(null);function u(){let r=react.useContext(p);if(!r)throw new Error("ROPA compound components must be wrapped in <ROPA.Provider>. Example: <ROPA.Provider initialData={...}><ROPA.Manager /></ROPA.Provider>");return r}var e=({initialData:r,adapter:i,onRecordAdd:P,onRecordUpdate:n,onRecordArchive:a,children:s})=>{let R=chunkM2TPT5GB_js.a({initialData:r,adapter:i,onRecordAdd:P,onRecordUpdate:n,onRecordArchive:a});return jsxRuntime.jsx(p.Provider,{value:R,children:s})};var v={Provider:e,Manager:chunkXNSZ7KUH_js.a};Object.defineProperty(exports,"ROPAManager",{enumerable:true,get:function(){return chunkXNSZ7KUH_js.a}});Object.defineProperty(exports,"useROPA",{enumerable:true,get:function(){return chunkM2TPT5GB_js.a}});Object.defineProperty(exports,"exportROPAToCSV",{enumerable:true,get:function(){return chunkGOU6FU6Y_js.c}});Object.defineProperty(exports,"generateROPASummary",{enumerable:true,get:function(){return chunkGOU6FU6Y_js.b}});Object.defineProperty(exports,"identifyComplianceGaps",{enumerable:true,get:function(){return chunkGOU6FU6Y_js.d}});Object.defineProperty(exports,"validateProcessingRecord",{enumerable:true,get:function(){return chunkGOU6FU6Y_js.a}});exports.ROPA=v;exports.ROPAProvider=e;exports.useROPACompound=u;//# sourceMappingURL=ropa.js.map
-//# sourceMappingURL=ropa.js.map
+'use strict';var chunk5GVMKUMP_js=require('./chunk-5GVMKUMP.js'),chunk3JPDTXGC_js=require('./chunk-3JPDTXGC.js'),chunk4CVBQC66_js=require('./chunk-4CVBQC66.js');require('./chunk-AME4HJR4.js'),require('./chunk-RFPLZDIO.js');var react=require('react'),jsxRuntime=require('react/jsx-runtime');var t=react.createContext(null);function u(){let r=react.useContext(t);if(!r)throw new Error("ROPA compound components must be wrapped in <ROPA.Provider>. Example: <ROPA.Provider initialData={...}><ROPA.Manager /></ROPA.Provider>");return r}var p=({initialData:r,adapter:i,onRecordAdd:P,onRecordUpdate:n,onRecordArchive:a,children:s})=>{let R=chunk3JPDTXGC_js.a({initialData:r,adapter:i,onRecordAdd:P,onRecordUpdate:n,onRecordArchive:a});return jsxRuntime.jsx(t.Provider,{value:R,children:s})};var v={Provider:p,Manager:chunk5GVMKUMP_js.a};Object.defineProperty(exports,"ROPAManager",{enumerable:true,get:function(){return chunk5GVMKUMP_js.a}});Object.defineProperty(exports,"useROPA",{enumerable:true,get:function(){return chunk3JPDTXGC_js.a}});Object.defineProperty(exports,"exportROPAToCSV",{enumerable:true,get:function(){return chunk4CVBQC66_js.c}});Object.defineProperty(exports,"generateROPASummary",{enumerable:true,get:function(){return chunk4CVBQC66_js.b}});Object.defineProperty(exports,"identifyComplianceGaps",{enumerable:true,get:function(){return chunk4CVBQC66_js.d}});Object.defineProperty(exports,"validateProcessingRecord",{enumerable:true,get:function(){return chunk4CVBQC66_js.a}});exports.ROPA=v;exports.ROPAProvider=p;exports.useROPACompound=u;

package/dist/ropa.mjs

@@ -1,3 +1,2 @@
 "use client";
-import {a}from'./chunk-QSVVAZVT.mjs';export{a as ROPAManager}from'./chunk-QSVVAZVT.mjs';import {a as a$1}from'./chunk-2AW7KAZO.mjs';export{a as useROPA}from'./chunk-2AW7KAZO.mjs';export{c as exportROPAToCSV,b as generateROPASummary,d as identifyComplianceGaps,a as validateProcessingRecord}from'./chunk-SHMJNRHO.mjs';import'./chunk-AYKLAEOU.mjs';import'./chunk-WWT2ZSNU.mjs';import {createContext,useContext}from'react';import {jsx}from'react/jsx-runtime';var p=createContext(null);function u(){let r=useContext(p);if(!r)throw new Error("ROPA compound components must be wrapped in <ROPA.Provider>. Example: <ROPA.Provider initialData={...}><ROPA.Manager /></ROPA.Provider>");return r}var e=({initialData:r,adapter:i,onRecordAdd:P,onRecordUpdate:n,onRecordArchive:a,children:s})=>{let R=a$1({initialData:r,adapter:i,onRecordAdd:P,onRecordUpdate:n,onRecordArchive:a});return jsx(p.Provider,{value:R,children:s})};var v={Provider:e,Manager:a};export{v as ROPA,e as ROPAProvider,u as useROPACompound};//# sourceMappingURL=ropa.mjs.map
-//# sourceMappingURL=ropa.mjs.map
+import {a}from'./chunk-EXEXUAF6.mjs';export{a as ROPAManager}from'./chunk-EXEXUAF6.mjs';import {a as a$1}from'./chunk-RPXRPGHL.mjs';export{a as useROPA}from'./chunk-RPXRPGHL.mjs';export{c as exportROPAToCSV,b as generateROPASummary,d as identifyComplianceGaps,a as validateProcessingRecord}from'./chunk-XP5PL6K7.mjs';import'./chunk-SFGW37LE.mjs';import'./chunk-ZJYULEER.mjs';import {createContext,useContext}from'react';import {jsx}from'react/jsx-runtime';var t=createContext(null);function u(){let r=useContext(t);if(!r)throw new Error("ROPA compound components must be wrapped in <ROPA.Provider>. Example: <ROPA.Provider initialData={...}><ROPA.Manager /></ROPA.Provider>");return r}var p=({initialData:r,adapter:i,onRecordAdd:P,onRecordUpdate:n,onRecordArchive:a,children:s})=>{let R=a$1({initialData:r,adapter:i,onRecordAdd:P,onRecordUpdate:n,onRecordArchive:a});return jsx(t.Provider,{value:R,children:s})};var v={Provider:p,Manager:a};export{v as ROPA,p as ROPAProvider,u as useROPACompound};

package/dist/server.d.mts

@@ -3,10 +3,144 @@
  */
 export declare type AdequacyStatus = 'adequate' | 'inadequate' | 'pending_review' | 'unknown';
 
-export declare function apiAdapter<T = unknown>(endpoint: string, options?: ApiAdapterOptions): StorageAdapter<T>;
+/**
+ * Production-ready API storage adapter.
+ *
+ * Backward-compatible with the 3.5.x signature — `apiAdapter('/api/x')`
+ * still works exactly as before. New options are all opt-in.
+ *
+ * @example basic
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent');
+ *
+ * @example with credentials and CSRF
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
+ *     credentials: 'include',
+ *     headers: () => ({
+ *       'X-CSRF-Token': document.querySelector<HTMLMetaElement>(
+ *         'meta[name="csrf-token"]'
+ *       )?.content ?? '',
+ *     }),
+ *   });
+ *
+ * @example with retry + telemetry
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
+ *     retry: { attempts: 2, baseDelayMs: 300 },
+ *     onError: (ctx) => Sentry.captureException(ctx.error, { extra: ctx }),
+ *     onSuccess: (ctx) => analytics.track('consent_saved', { method: ctx.method }),
+ *   });
+ *
+ * @example with response unwrap
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
+ *     // API returns { data: ConsentSettings, ok: true }
+ *     unwrap: (raw) => (raw as { data: ConsentSettings }).data,
+ *   });
+ */
+export declare function apiAdapter<T = unknown>(endpoint: string, options?: ApiAdapterOptions<T>): StorageAdapter<T>;
+
+declare interface ApiAdapterErrorContext<T = unknown> {
+    /** Which adapter operation triggered this — `load`, `save`, or `remove`. */
+    method: ApiAdapterMethod;
+    /** The endpoint URL that failed. */
+    endpoint: string;
+    /** Underlying error (for network failures / parse errors). */
+    error?: unknown;
+    /** Response object, if a response was received. */
+    response?: Response;
+    /** HTTP status code, if available. */
+    status?: number;
+    /** For `save`, the payload that failed to send. */
+    payload?: T;
+    /** Which retry attempt this is (0 = first try). Capped at `retry.attempts`. */
+    attempt: number;
+}
+
+declare type ApiAdapterMethod = 'load' | 'save' | 'remove';
+
+declare interface ApiAdapterOptions<T = unknown> {
+    /**
+     * Extra HTTP headers to send with every request. Useful for `Authorization`,
+     * `X-CSRF-Token`, `X-Requested-With`, etc.
+     *
+     * Can also be a function that returns headers, which lets you read a CSRF
+     * token from the DOM/cookie at request time rather than at adapter
+     * construction time.
+     */
+    headers?: Record<string, string> | (() => Record<string, string>);
+    /**
+     * Forwarded to fetch's `credentials` option. Defaults to `'same-origin'`
+     * (the browser default). Set to `'include'` for cross-origin endpoints
+     * that need cookies / auth.
+     */
+    credentials?: RequestCredentials;
+    /**
+     * HTTP method override for the load operation. Defaults to `'GET'`.
+     */
+    loadMethod?: 'GET' | 'POST';
+    /**
+     * HTTP method override for the save operation. Defaults to `'POST'`. Some
+     * REST APIs prefer `'PUT'` for upsert semantics.
+     */
+    saveMethod?: 'POST' | 'PUT' | 'PATCH';
+    /**
+     * Transform the raw JSON response into the expected `T`. Useful for APIs
+     * that wrap responses in `{ data: ... }` or similar envelopes. Called
+     * after `res.json()`. If omitted, the parsed JSON is used as-is.
+     */
+    unwrap?: (raw: unknown) => T | null;
+    /**
+     * Retry policy for failed requests. Defaults to no retries (preserves the
+     * pre-3.6.0 behaviour). When configured, applies to all three operations.
+     */
+    retry?: ApiAdapterRetryConfig;
+    /**
+     * Called when a request fails (after all retries exhausted). The adapter
+     * still returns a graceful null/void result so the consuming hook
+     * doesn't crash — this hook is for telemetry, toasts, or audit logging.
+     */
+    onError?: (ctx: ApiAdapterErrorContext<T>) => void;
+    /**
+     * Called when a request succeeds. Useful for cache invalidation,
+     * analytics, or syncing other state.
+     */
+    onSuccess?: (ctx: ApiAdapterSuccessContext<T>) => void;
+    /**
+     * Per-request fetch options to merge into every request. Use this for
+     * things `fetch` itself supports that aren't directly modelled above —
+     * `signal`, `mode`, `cache`, `redirect`, etc.
+     */
+    fetchInit?: Omit<RequestInit, 'method' | 'headers' | 'body' | 'credentials'>;
+}
+
+declare interface ApiAdapterRetryConfig {
+    /**
+     * Number of additional attempts after the initial request. Defaults to 0
+     * (no retries). e.g. `attempts: 2` means up to 3 total requests.
+     */
+    attempts?: number;
+    /**
+     * Base delay in ms between attempts. Defaults to 250ms. The actual delay
+     * uses exponential backoff: `baseDelayMs * 2^attempt`.
+     */
+    baseDelayMs?: number;
+    /**
+     * Predicate that decides whether to retry given the failure context. By
+     * default we retry on network errors and 5xx responses, but not on 4xx
+     * (those are client errors that won't fix themselves).
+     */
+    shouldRetry?: (ctx: ApiAdapterErrorContext<unknown>) => boolean;
+}
 
-declare interface ApiAdapterOptions {
-    headers?: Record<string, string>;
+declare interface ApiAdapterSuccessContext<T = unknown> {
+    /** Which adapter operation succeeded — `load`, `save`, or `remove`. */
+    method: ApiAdapterMethod;
+    /** The endpoint URL. */
+    endpoint: string;
+    /** Response object. */
+    response: Response;
+    /** For `load` operations, the parsed (and optionally unwrapped) data. */
+    data?: T;
+    /** For `save` operations, the payload that was sent. */
+    payload?: T;
 }
 
 /**
@@ -139,10 +273,51 @@ export declare interface BreachReport {
     affectedSystems: string[];
     /** Types of data involved in the breach */
     dataTypes: string[];
-    /** Whether sensitive personal data is involved (NDPA Section 27) */
+    /** Whether sensitive personal data is involved (NDPA Section 30) */
     involvesSensitiveData?: boolean;
     /** Estimated number of data subjects affected */
     estimatedAffectedSubjects?: number;
+    /**
+     * Approximate number of personal data RECORDS concerned (distinct from subject count).
+     * Required content under NDPA Section 40(1)(a) and Section 40(2).
+     */
+    approximateRecordCount?: number;
+    /**
+     * Categories of data subjects affected (e.g. customers, employees, minors, patients).
+     * Required content under NDPA Section 40(1)(a) and Section 40(2).
+     */
+    dataSubjectCategories?: string[];
+    /**
+     * Likely consequences of the breach for affected data subjects (e.g. identity theft,
+     * financial loss, reputational damage). Reported to the NDPC and, where applicable,
+     * communicated to data subjects under Section 40(3).
+     */
+    likelyConsequences?: string;
+    /**
+     * Measures taken or proposed to mitigate adverse effects of the breach.
+     * Required content for Section 40(3) communications to data subjects.
+     */
+    mitigationMeasures?: string;
+    /**
+     * Whether this is a phased / interim report submitted before full investigation
+     * is complete. The NDPC permits phased reporting where complete information is
+     * not available within 72 hours.
+     */
+    isPhasedReport?: boolean;
+    /**
+     * ID of the prior phased report this report supplements, if any.
+     */
+    supplementsReportId?: string;
+    /**
+     * Data Protection Officer contact details. The DPO is the named contact point
+     * for the NDPC per NDPA Section 32(3)(c). Required content in the regulatory
+     * report (Section 40(2)).
+     */
+    dpoContact?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
     /** Whether the breach is ongoing or contained */
     status: 'ongoing' | 'contained' | 'resolved';
     /** Initial actions taken to address the breach */
@@ -823,20 +998,25 @@ export declare interface DsrSubmissionValidationResult {
 }
 
 /**
- * Data Subject Rights types aligned with NDPA 2023 Part IV (Sections 29-36)
+ * Data Subject Rights types aligned with NDPA 2023 Part VI (Sections 34-38)
+ * and the related provisions in Part V (Section 27 — information to the data subject)
+ * and Part X (Section 46 — complaint to the Commission).
+ *
+ * Note: These are guidance labels — not legal advice. Verify with your DPO or counsel.
  */
 /**
- * Types of data subject requests per NDPA Part IV
- * - 'information': Right to be informed (Section 29)
- * - 'access': Right of access (Section 30)
- * - 'rectification': Right to rectification (Section 31)
- * - 'erasure': Right to erasure (Section 32)
- * - 'restriction': Right to restrict processing (Section 33)
- * - 'portability': Right to data portability (Section 34)
- * - 'objection': Right to object (Section 35)
- * - 'automated_decision_making': Rights related to automated decision-making (Section 36)
+ * Types of data subject requests per NDPA Part VI
+ * - 'information': Right to be informed (Section 27 — provision of information; Section 34(1)(a))
+ * - 'access': Right of access / confirmation + data copy (Section 34(1)(a)–(b))
+ * - 'rectification': Right to rectification (Section 34(1)(c))
+ * - 'erasure': Right to erasure (Section 34(1)(d), Section 34(2))
+ * - 'restriction': Right to restrict processing (Section 34(1)(e))
+ * - 'portability': Right to data portability (Section 38)
+ * - 'objection': Right to object (Section 36)
+ * - 'automated_decision_making': Rights re. automated decisions / profiling (Section 37)
+ * - 'withdraw_consent': Right to withdraw consent (Section 35)
  */
-export declare type DSRType = 'information' | 'access' | 'rectification' | 'erasure' | 'restriction' | 'portability' | 'objection' | 'automated_decision_making';
+export declare type DSRType = 'information' | 'access' | 'rectification' | 'erasure' | 'restriction' | 'portability' | 'objection' | 'automated_decision_making' | 'withdraw_consent';
 
 export declare type EffortLevel = 'low' | 'medium' | 'high';
 
@@ -1100,11 +1280,13 @@ export declare type Industry = 'fintech' | 'healthcare' | 'ecommerce' | 'saas' |
 
 /**
  * Returns whether NDPC approval is required for a given transfer mechanism.
- * Approval is required for standard contractual clauses (Section 42),
- * binding corporate rules (Section 43), and specific NDPC authorization (Section 44).
+ * Under NDPA Section 42(5), the Commission may approve binding corporate rules,
+ * codes of conduct, certification mechanisms, or similar instruments. Standard
+ * contractual clauses are one of the appropriate safeguards under Section 41(1)(a)
+ * and the Commission may approve them per Section 42(4).
  *
  * @param mechanism The transfer mechanism
- * @returns Whether NDPC approval is required
+ * @returns Whether NDPC approval is typically required
  */
 export declare function isNDPCApprovalRequired(mechanism: TransferMechanism): boolean;
 
@@ -1162,6 +1344,23 @@ export declare interface LawfulBasisValidationResult {
     warnings: string[];
 }
 
+/**
+ * Full disclaimer suitable for PDF/DOCX footers and exported artifacts.
+ */
+export declare const LEGAL_DISCLAIMER_LONG: string;
+
+/**
+ * Short disclaimer suitable for component captions and dashboard footers.
+ * One line, no markdown.
+ */
+export declare const LEGAL_DISCLAIMER_SHORT = "Generated for guidance only. Not legal advice \u2014 verify with your DPO or counsel.";
+
+/**
+ * Returns the long disclaimer wrapped with a leading heading suitable for
+ * embedding at the foot of an exported document.
+ */
+export declare function legalDisclaimerBlock(heading?: string): string;
+
 /**
  * Represents a Legitimate Interest Assessment (LIA)
  * Required when the lawful basis is 'legitimate_interests'
@@ -1770,7 +1969,9 @@ export declare interface RequestType {
     /** Description of what this request type entails */
     description: string;
     /**
-     * NDPA section reference (e.g., "Section 30" for access requests)
+     * NDPA 2023 section reference for this right
+     * (e.g., "Section 34(1)(a)" for access, "Section 38" for portability).
+     * Used for display purposes only — verify the exact subsection with counsel.
      */
     ndpaSection?: string;
     /**
@@ -1978,8 +2179,11 @@ export declare interface TransferImpactAssessment {
 }
 
 /**
- * Cross-Border Data Transfer types aligned with NDPA 2023 Part VI (Sections 41-45)
- * Personal data may only be transferred outside Nigeria under specific conditions
+ * Cross-Border Data Transfer types aligned with NDPA 2023 Part VIII (Sections 41-43).
+ * Personal data may only be transferred outside Nigeria under the bases listed in
+ * Section 41(1), where Section 42 defines adequacy and Section 43 lists derogations.
+ *
+ * Note: These are guidance labels — not legal advice. Verify with your DPO or counsel.
  */
 /**
  * Transfer mechanisms recognized under the NDPA
@@ -2090,7 +2294,7 @@ export declare interface ValidateDsrSubmissionOptions {
     /**
      * Allowed request types. When provided, the payload's `requestType`
      * must be one of these — useful for locking the server to a specific
-     * set of supported NDPA Part IV §29-36 rights.
+     * set of supported NDPA Part VI §34-38 (plus §35, §36, §37) data-subject rights.
      */
     allowedRequestTypes?: string[];
 }