@tantainnovative/ndpr-toolkit 3.6.1 → 3.10.1

package/dist/presets-policy.d.ts

@@ -39,6 +39,35 @@ export declare interface NDPRPrivacyPolicyProps {
     onComplete?: (policy: PrivacyPolicy) => void;
     classNames?: Record<string, string>;
     unstyled?: boolean;
+    /**
+     * Pre-fill the policy wizard with a sector-specific starter template.
+     *
+     * Pass one of `'saas' | 'ecommerce' | 'school' | 'healthcare' |
+     * 'procurement'` and the wizard opens already populated with the data
+     * categories, lawful-basis defaults, sensitive-data / children /
+     * cross-border / automated-decisions flags that org type usually needs.
+     * The user can still flip every flag and rewrite every section.
+     *
+     * @example
+     *   <NDPRPrivacyPolicy
+     *     template="healthcare"
+     *     templateOverrides={{ orgName: 'Lagos Heart Centre' }}
+     *   />
+     *
+     * @see templateContextFor in `/server` or `/core` for the underlying
+     *   factory if you'd rather build the context yourself.
+     */
+    template?: OrgPolicyTemplateId;
+    /**
+     * Organisation-level overrides applied on top of the chosen template.
+     * Ignored when `template` is unset.
+     */
+    templateOverrides?: OrgPolicyTemplateOverrides;
+    /**
+     * Pass a fully-constructed `TemplateContext` to skip the template
+     * lookup entirely. Takes precedence over `template` if both are set.
+     */
+    initialContext?: TemplateContext;
 }
 
 /**
@@ -65,6 +94,48 @@ declare interface OrganizationInfo {
     ndpcRegistrationNumber?: string;
 }
 
+/**
+ * Org-specific privacy-policy templates — pre-filled `TemplateContext`
+ * factories for the most common Nigerian app shapes.
+ *
+ * Each template returns a fully-populated `TemplateContext` with:
+ * - industry set to the matching `Industry` value
+ * - the data categories the sector typically collects (selected: true)
+ * - the processing purposes that match the business model
+ * - sensitive-data / children / cross-border / automated-decisions flags
+ *   set to the defaults that org type usually needs (a school will have
+ *   children data, a hospital will have sensitive data, etc.)
+ *
+ * Templates are guidance starters. The wizard still walks the user through
+ * every step — they can flip any flag, add/remove categories, or rewrite
+ * any section before the policy is finalised. The legal-notice footer the
+ * toolkit ships everywhere applies to the generated output.
+ *
+ * @example
+ *   import { templateContextFor } from '@tantainnovative/ndpr-toolkit/server';
+ *   const ctx = templateContextFor('ecommerce', { orgName: 'Acme NG' });
+ *   const draft = assemblePolicy(ctx);
+ */
+
+/** Identifiers for the bundled org templates. */
+declare type OrgPolicyTemplateId = 'saas' | 'ecommerce' | 'school' | 'healthcare' | 'procurement';
+
+/** Optional overrides applied on top of a template's defaults. */
+declare interface OrgPolicyTemplateOverrides {
+    /** Organisation name (e.g. "Acme Nigeria Ltd"). Default: empty. */
+    orgName?: string;
+    /** Public website URL. */
+    website?: string;
+    /** Privacy contact email. */
+    privacyEmail?: string;
+    /** Postal address. */
+    address?: string;
+    /** DPO name. Required for DCPMI under NDPA Section 32. */
+    dpoName?: string;
+    /** DPO email. Required for the NDPC breach-notification contact. */
+    dpoEmail?: string;
+}
+
 /** Organisation size tiers — affects complexity of generated language. */
 declare type OrgSize = 'startup' | 'midsize' | 'enterprise';
 

package/dist/presets-policy.js

@@ -1,2 +1,2 @@
 "use client";
-'use strict';var chunkW7RBGZCC_js=require('./chunk-W7RBGZCC.js');require('./chunk-I2LMQWK3.js'),require('./chunk-UI536RU2.js'),require('./chunk-N3MQQUQP.js'),require('./chunk-Q64735OC.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-AME4HJR4.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"NDPRPrivacyPolicy",{enumerable:true,get:function(){return chunkW7RBGZCC_js.a}});
+'use strict';var chunk5IOC3VAW_js=require('./chunk-5IOC3VAW.js');require('./chunk-W7OLQRJP.js'),require('./chunk-3GRGYT3P.js'),require('./chunk-HXWHL4BD.js'),require('./chunk-N3MQQUQP.js'),require('./chunk-Q64735OC.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-AME4HJR4.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"NDPRPrivacyPolicy",{enumerable:true,get:function(){return chunk5IOC3VAW_js.a}});

package/dist/presets-policy.mjs

@@ -1,2 +1,2 @@
 "use client";
-export{a as NDPRPrivacyPolicy}from'./chunk-RV2VMWZJ.mjs';import'./chunk-BNHQFZHL.mjs';import'./chunk-O6CUBNXK.mjs';import'./chunk-AOHKVFAS.mjs';import'./chunk-RMQ7OLNY.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-SFGW37LE.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';
+export{a as NDPRPrivacyPolicy}from'./chunk-R7545FP4.mjs';import'./chunk-ATFUSHC2.mjs';import'./chunk-UKLU6BQF.mjs';import'./chunk-2MIQXECH.mjs';import'./chunk-AOHKVFAS.mjs';import'./chunk-RMQ7OLNY.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-SFGW37LE.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';

package/dist/presets.d.mts

@@ -674,6 +674,35 @@ export declare interface NDPRPrivacyPolicyProps {
     onComplete?: (policy: PrivacyPolicy) => void;
     classNames?: Record<string, string>;
     unstyled?: boolean;
+    /**
+     * Pre-fill the policy wizard with a sector-specific starter template.
+     *
+     * Pass one of `'saas' | 'ecommerce' | 'school' | 'healthcare' |
+     * 'procurement'` and the wizard opens already populated with the data
+     * categories, lawful-basis defaults, sensitive-data / children /
+     * cross-border / automated-decisions flags that org type usually needs.
+     * The user can still flip every flag and rewrite every section.
+     *
+     * @example
+     *   <NDPRPrivacyPolicy
+     *     template="healthcare"
+     *     templateOverrides={{ orgName: 'Lagos Heart Centre' }}
+     *   />
+     *
+     * @see templateContextFor in `/server` or `/core` for the underlying
+     *   factory if you'd rather build the context yourself.
+     */
+    template?: OrgPolicyTemplateId;
+    /**
+     * Organisation-level overrides applied on top of the chosen template.
+     * Ignored when `template` is unset.
+     */
+    templateOverrides?: OrgPolicyTemplateOverrides;
+    /**
+     * Pass a fully-constructed `TemplateContext` to skip the template
+     * lookup entirely. Takes precedence over `template` if both are set.
+     */
+    initialContext?: TemplateContext;
 }
 
 export declare const NDPRROPA: React__default.FC<NDPRROPAProps>;
@@ -732,6 +761,31 @@ export declare interface NDPRSubjectRightsProps {
         error?: unknown;
         response?: Response;
     }) => void;
+    /**
+     * Called when a `submitTo` POST succeeds (2xx response). Receives the
+     * `Response` object, the submitted `DSRFormSubmission` payload, and the
+     * parsed JSON body if the server returned valid JSON. Use this to
+     * display a server-generated reference number, redirect the user, or
+     * trigger analytics.
+     *
+     * The `body` field is `undefined` if the response had no body or the
+     * body was not valid JSON. It is typed `unknown` to force consumers to
+     * narrow it themselves before reading fields.
+     *
+     * @example
+     *   <NDPRSubjectRights
+     *     submitTo="/api/dsr"
+     *     onSubmitSuccess={({ response, data, body }) => {
+     *       const ref = (body as { referenceId?: string })?.referenceId;
+     *       if (ref) router.push(`/dsr-confirmation?ref=${ref}`);
+     *     }}
+     *   />
+     */
+    onSubmitSuccess?: (ctx: {
+        response: Response;
+        data: DSRFormSubmission;
+        body?: unknown;
+    }) => void;
 }
 
 /**
@@ -758,6 +812,48 @@ declare interface OrganizationInfo {
     ndpcRegistrationNumber?: string;
 }
 
+/**
+ * Org-specific privacy-policy templates — pre-filled `TemplateContext`
+ * factories for the most common Nigerian app shapes.
+ *
+ * Each template returns a fully-populated `TemplateContext` with:
+ * - industry set to the matching `Industry` value
+ * - the data categories the sector typically collects (selected: true)
+ * - the processing purposes that match the business model
+ * - sensitive-data / children / cross-border / automated-decisions flags
+ *   set to the defaults that org type usually needs (a school will have
+ *   children data, a hospital will have sensitive data, etc.)
+ *
+ * Templates are guidance starters. The wizard still walks the user through
+ * every step — they can flip any flag, add/remove categories, or rewrite
+ * any section before the policy is finalised. The legal-notice footer the
+ * toolkit ships everywhere applies to the generated output.
+ *
+ * @example
+ *   import { templateContextFor } from '@tantainnovative/ndpr-toolkit/server';
+ *   const ctx = templateContextFor('ecommerce', { orgName: 'Acme NG' });
+ *   const draft = assemblePolicy(ctx);
+ */
+
+/** Identifiers for the bundled org templates. */
+declare type OrgPolicyTemplateId = 'saas' | 'ecommerce' | 'school' | 'healthcare' | 'procurement';
+
+/** Optional overrides applied on top of a template's defaults. */
+declare interface OrgPolicyTemplateOverrides {
+    /** Organisation name (e.g. "Acme Nigeria Ltd"). Default: empty. */
+    orgName?: string;
+    /** Public website URL. */
+    website?: string;
+    /** Privacy contact email. */
+    privacyEmail?: string;
+    /** Postal address. */
+    address?: string;
+    /** DPO name. Required for DCPMI under NDPA Section 32. */
+    dpoName?: string;
+    /** DPO email. Required for the NDPC breach-notification contact. */
+    dpoEmail?: string;
+}
+
 /** Organisation size tiers — affects complexity of generated language. */
 declare type OrgSize = 'startup' | 'midsize' | 'enterprise';
 

package/dist/presets.d.ts

@@ -674,6 +674,35 @@ export declare interface NDPRPrivacyPolicyProps {
     onComplete?: (policy: PrivacyPolicy) => void;
     classNames?: Record<string, string>;
     unstyled?: boolean;
+    /**
+     * Pre-fill the policy wizard with a sector-specific starter template.
+     *
+     * Pass one of `'saas' | 'ecommerce' | 'school' | 'healthcare' |
+     * 'procurement'` and the wizard opens already populated with the data
+     * categories, lawful-basis defaults, sensitive-data / children /
+     * cross-border / automated-decisions flags that org type usually needs.
+     * The user can still flip every flag and rewrite every section.
+     *
+     * @example
+     *   <NDPRPrivacyPolicy
+     *     template="healthcare"
+     *     templateOverrides={{ orgName: 'Lagos Heart Centre' }}
+     *   />
+     *
+     * @see templateContextFor in `/server` or `/core` for the underlying
+     *   factory if you'd rather build the context yourself.
+     */
+    template?: OrgPolicyTemplateId;
+    /**
+     * Organisation-level overrides applied on top of the chosen template.
+     * Ignored when `template` is unset.
+     */
+    templateOverrides?: OrgPolicyTemplateOverrides;
+    /**
+     * Pass a fully-constructed `TemplateContext` to skip the template
+     * lookup entirely. Takes precedence over `template` if both are set.
+     */
+    initialContext?: TemplateContext;
 }
 
 export declare const NDPRROPA: React__default.FC<NDPRROPAProps>;
@@ -732,6 +761,31 @@ export declare interface NDPRSubjectRightsProps {
         error?: unknown;
         response?: Response;
     }) => void;
+    /**
+     * Called when a `submitTo` POST succeeds (2xx response). Receives the
+     * `Response` object, the submitted `DSRFormSubmission` payload, and the
+     * parsed JSON body if the server returned valid JSON. Use this to
+     * display a server-generated reference number, redirect the user, or
+     * trigger analytics.
+     *
+     * The `body` field is `undefined` if the response had no body or the
+     * body was not valid JSON. It is typed `unknown` to force consumers to
+     * narrow it themselves before reading fields.
+     *
+     * @example
+     *   <NDPRSubjectRights
+     *     submitTo="/api/dsr"
+     *     onSubmitSuccess={({ response, data, body }) => {
+     *       const ref = (body as { referenceId?: string })?.referenceId;
+     *       if (ref) router.push(`/dsr-confirmation?ref=${ref}`);
+     *     }}
+     *   />
+     */
+    onSubmitSuccess?: (ctx: {
+        response: Response;
+        data: DSRFormSubmission;
+        body?: unknown;
+    }) => void;
 }
 
 /**
@@ -758,6 +812,48 @@ declare interface OrganizationInfo {
     ndpcRegistrationNumber?: string;
 }
 
+/**
+ * Org-specific privacy-policy templates — pre-filled `TemplateContext`
+ * factories for the most common Nigerian app shapes.
+ *
+ * Each template returns a fully-populated `TemplateContext` with:
+ * - industry set to the matching `Industry` value
+ * - the data categories the sector typically collects (selected: true)
+ * - the processing purposes that match the business model
+ * - sensitive-data / children / cross-border / automated-decisions flags
+ *   set to the defaults that org type usually needs (a school will have
+ *   children data, a hospital will have sensitive data, etc.)
+ *
+ * Templates are guidance starters. The wizard still walks the user through
+ * every step — they can flip any flag, add/remove categories, or rewrite
+ * any section before the policy is finalised. The legal-notice footer the
+ * toolkit ships everywhere applies to the generated output.
+ *
+ * @example
+ *   import { templateContextFor } from '@tantainnovative/ndpr-toolkit/server';
+ *   const ctx = templateContextFor('ecommerce', { orgName: 'Acme NG' });
+ *   const draft = assemblePolicy(ctx);
+ */
+
+/** Identifiers for the bundled org templates. */
+declare type OrgPolicyTemplateId = 'saas' | 'ecommerce' | 'school' | 'healthcare' | 'procurement';
+
+/** Optional overrides applied on top of a template's defaults. */
+declare interface OrgPolicyTemplateOverrides {
+    /** Organisation name (e.g. "Acme Nigeria Ltd"). Default: empty. */
+    orgName?: string;
+    /** Public website URL. */
+    website?: string;
+    /** Privacy contact email. */
+    privacyEmail?: string;
+    /** Postal address. */
+    address?: string;
+    /** DPO name. Required for DCPMI under NDPA Section 32. */
+    dpoName?: string;
+    /** DPO email. Required for the NDPC breach-notification contact. */
+    dpoEmail?: string;
+}
+
 /** Organisation size tiers — affects complexity of generated language. */
 declare type OrgSize = 'startup' | 'midsize' | 'enterprise';
 

package/dist/presets.js

@@ -1,2 +1,2 @@
 "use client";
-'use strict';var chunkW7RBGZCC_js=require('./chunk-W7RBGZCC.js');require('./chunk-I2LMQWK3.js');var chunkV3RYHNHN_js=require('./chunk-V3RYHNHN.js'),chunkRXZFYBUJ_js=require('./chunk-RXZFYBUJ.js'),chunkNUWVPRNI_js=require('./chunk-NUWVPRNI.js'),chunkPZRQWPWD_js=require('./chunk-PZRQWPWD.js'),chunkI3Y4LOSL_js=require('./chunk-I3Y4LOSL.js'),chunk5GVMKUMP_js=require('./chunk-5GVMKUMP.js');require('./chunk-UI536RU2.js'),require('./chunk-N3MQQUQP.js');var chunkQPRYXVH2_js=require('./chunk-QPRYXVH2.js');require('./chunk-Q64735OC.js'),require('./chunk-WZYCBW2R.js'),require('./chunk-YFBDJ4FH.js'),require('./chunk-4CVBQC66.js'),require('./chunk-732C2EVN.js'),require('./chunk-L2VO3MEJ.js'),require('./chunk-W47OSMT6.js');var chunkWDDCKYWA_js=require('./chunk-WDDCKYWA.js'),chunkS6COXIZA_js=require('./chunk-S6COXIZA.js');require('./chunk-UXUMYP4L.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-AME4HJR4.js'),require('./chunk-VWED6UTN.js');var chunkRFPLZDIO_js=require('./chunk-RFPLZDIO.js'),jsxRuntime=require('react/jsx-runtime'),react=require('react');var L=[{id:"unauthorized_access",name:"Unauthorized Access",description:"Unauthorized access to personal data",defaultSeverity:"high"},{id:"data_loss",name:"Data Loss",description:"Loss of personal data",defaultSeverity:"high"},{id:"data_theft",name:"Data Theft",description:"Theft of personal data",defaultSeverity:"critical"},{id:"system_breach",name:"System Breach",description:"Breach of system containing personal data",defaultSeverity:"critical"},{id:"accidental_disclosure",name:"Accidental Disclosure",description:"Unintended disclosure of personal data",defaultSeverity:"medium"}],I=({categories:c=L,adapter:s,classNames:u,unstyled:p,onSubmit:o=()=>{}})=>jsxRuntime.jsx(chunkS6COXIZA_js.a,{categories:c,onSubmit:d=>{s&&s.save(d),o(d);},classNames:u,unstyled:p});var k=[{id:"project_overview",title:"Project Overview",description:"Provide basic details about the processing activity being assessed.",order:0,questions:[{id:"project_name",text:"What is the name of the project or processing activity?",type:"text",required:true},{id:"project_description",text:"Describe the nature and purpose of the processing.",guidance:"Include what personal data will be collected, why it is needed, and how it will be used.",type:"textarea",required:true},{id:"data_controller",text:"Who is the data controller responsible for this processing?",type:"text",required:true}]},{id:"necessity",title:"Necessity & Proportionality",description:"Assess whether the processing is necessary and proportionate to the purposes.",order:1,questions:[{id:"lawful_basis",text:"What is the lawful basis for processing under the NDPA 2023?",type:"select",required:true,options:[{value:"consent",label:"Consent (Section 25(1)(a))"},{value:"contract",label:"Contract (Section 25(1)(b))"},{value:"legal_obligation",label:"Legal Obligation (Section 25(1)(c))"},{value:"vital_interests",label:"Vital Interests (Section 25(1)(d))"},{value:"public_task",label:"Public Task (Section 25(1)(e))"},{value:"legitimate_interests",label:"Legitimate Interests (Section 25(1)(f))"}]},{id:"data_minimisation",text:"Is the processing limited to what is necessary for the specified purpose?",type:"radio",required:true,options:[{value:"yes",label:"Yes \u2014 only minimum data is collected",riskLevel:"low"},{value:"partial",label:"Partially \u2014 some additional data may be collected",riskLevel:"medium"},{value:"no",label:"No \u2014 more data is collected than strictly necessary",riskLevel:"high"}]}]},{id:"risk_identification",title:"Risk Identification",description:"Identify and assess risks to data subjects arising from the processing.",order:2,questions:[{id:"sensitive_data",text:"Does the processing involve sensitive personal data (e.g., health, biometric, financial, children's data)?",type:"radio",required:true,options:[{value:"no",label:"No sensitive data",riskLevel:"low"},{value:"yes_protected",label:"Yes, with appropriate safeguards",riskLevel:"medium"},{value:"yes_unprotected",label:"Yes, without adequate safeguards",riskLevel:"high"}]},{id:"scale",text:"What is the scale of processing?",type:"radio",required:true,options:[{value:"small",label:"Small scale (fewer than 1,000 individuals)",riskLevel:"low"},{value:"medium",label:"Medium scale (1,000 to 100,000 individuals)",riskLevel:"medium"},{value:"large",label:"Large scale (over 100,000 individuals)",riskLevel:"high"}]},{id:"cross_border",text:"Will data be transferred outside Nigeria?",type:"radio",required:true,options:[{value:"no",label:"No international transfers",riskLevel:"low"},{value:"adequate",label:"Yes, to countries with adequate protection",riskLevel:"medium"},{value:"inadequate",label:"Yes, to countries without adequate protection",riskLevel:"high"}]}]},{id:"mitigation",title:"Risk Mitigation & Measures",description:"Document the measures taken to address identified risks.",order:3,questions:[{id:"security_measures",text:"What technical and organisational security measures are in place?",guidance:"Include encryption, access controls, pseudonymisation, staff training, etc.",type:"textarea",required:true},{id:"retention_period",text:"What is the data retention period?",guidance:"Specify how long data will be kept and the criteria used to determine this.",type:"text",required:true},{id:"dpo_consulted",text:"Has the Data Protection Officer (DPO) been consulted on this assessment?",type:"radio",required:false,options:[{value:"yes",label:"Yes",riskLevel:"low"},{value:"no",label:"No",riskLevel:"medium"},{value:"na",label:"Not applicable \u2014 no DPO appointed",riskLevel:"medium"}]}]}],_=({sections:c=k,adapter:s,classNames:u,unstyled:p,onComplete:o=()=>{}})=>{let[n,d]=react.useState({}),[m,f]=react.useState(0),P=(a,C)=>{d(S=>chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},S),{[a]:C}));},e=()=>{m<c.length-1?f(a=>a+1):(s&&s.save(n),o(n));},t=()=>{m>0&&f(a=>a-1);},r=Math.round((m+1)/c.length*100);return jsxRuntime.jsx(chunkWDDCKYWA_js.a,{sections:c,answers:n,onAnswerChange:P,currentSectionIndex:m,onNextSection:e,onPrevSection:t,progress:r,classNames:u,unstyled:p})};var F=({initialActivities:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=react.useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsxRuntime.jsx(chunkPZRQWPWD_js.a,{activities:o,onAddActivity:e=>{let t=Date.now(),r=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},e),{id:`activity-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateActivity:(e,t)=>{let r=o.map(a=>a.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onArchiveActivity:e=>{let t=o.map(r=>r.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},r),{status:"inactive",updatedAt:Date.now()}):r);n(t),d(t);},classNames:u,unstyled:p})};var W=({initialTransfers:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=react.useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsxRuntime.jsx(chunkI3Y4LOSL_js.a,{transfers:o,onAddTransfer:e=>{let t=Date.now(),r=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},e),{id:`transfer-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateTransfer:(e,t)=>{let r=o.map(a=>a.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onRemoveTransfer:e=>{let t=o.filter(r=>r.id!==e);n(t),d(t);},classNames:u,unstyled:p})};var j={id:"ndpr-ropa-default",organizationName:"Your Organisation",organizationContact:"",organizationAddress:"",records:[],lastUpdated:Date.now(),version:"1.0"},V=({initialData:c,adapter:s,classNames:u,unstyled:p})=>{let[o,n]=react.useState(c!=null?c:j);react.useEffect(()=>{if(!s)return;let e=false;return chunkRFPLZDIO_js.d(null,null,function*(){let r=yield s.load();!e&&r&&n(r);}),()=>{e=true;}},[s]);let d=e=>{s&&s.save(e);};return jsxRuntime.jsx(chunk5GVMKUMP_js.a,{ropa:o,onAddRecord:e=>{let t=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},o),{records:[...o.records,e],lastUpdated:Date.now()});n(t),d(t);},onUpdateRecord:(e,t)=>{let r=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},o),{records:o.records.map(a=>a.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},a),t),{updatedAt:Date.now()}):a),lastUpdated:Date.now()});n(r),d(r);},onArchiveRecord:e=>{let t=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},o),{records:o.records.map(r=>r.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},r),{status:"archived",updatedAt:Date.now()}):r),lastUpdated:Date.now()});n(t),d(t);},classNames:u,unstyled:p})};var G=u=>{var p=u,{input:c}=p,s=chunkRFPLZDIO_js.c(p,["input"]);let o=chunkQPRYXVH2_js.a(c);return jsxRuntime.jsx(chunkNUWVPRNI_js.a,chunkRFPLZDIO_js.a({report:o},s))};Object.defineProperty(exports,"NDPRPrivacyPolicy",{enumerable:true,get:function(){return chunkW7RBGZCC_js.a}});Object.defineProperty(exports,"NDPRConsent",{enumerable:true,get:function(){return chunkV3RYHNHN_js.a}});Object.defineProperty(exports,"NDPRSubjectRights",{enumerable:true,get:function(){return chunkRXZFYBUJ_js.a}});exports.NDPRBreachReport=I;exports.NDPRComplianceDashboard=G;exports.NDPRCrossBorder=W;exports.NDPRDPIA=_;exports.NDPRLawfulBasis=F;exports.NDPRROPA=V;
+'use strict';var chunkV3RYHNHN_js=require('./chunk-V3RYHNHN.js'),chunkXS3Z4UT7_js=require('./chunk-XS3Z4UT7.js'),chunk5IOC3VAW_js=require('./chunk-5IOC3VAW.js');require('./chunk-W7OLQRJP.js');var chunkNUWVPRNI_js=require('./chunk-NUWVPRNI.js'),chunkS6COXIZA_js=require('./chunk-S6COXIZA.js'),chunkPZRQWPWD_js=require('./chunk-PZRQWPWD.js'),chunkI3Y4LOSL_js=require('./chunk-I3Y4LOSL.js'),chunk5GVMKUMP_js=require('./chunk-5GVMKUMP.js');require('./chunk-3GRGYT3P.js'),require('./chunk-HXWHL4BD.js'),require('./chunk-N3MQQUQP.js');var chunkQPRYXVH2_js=require('./chunk-QPRYXVH2.js');require('./chunk-Q64735OC.js'),require('./chunk-YFBDJ4FH.js'),require('./chunk-WZYCBW2R.js'),require('./chunk-4CVBQC66.js'),require('./chunk-732C2EVN.js'),require('./chunk-L2VO3MEJ.js'),require('./chunk-W47OSMT6.js'),require('./chunk-UXUMYP4L.js');var chunkWDDCKYWA_js=require('./chunk-WDDCKYWA.js');require('./chunk-ZVOIR4QH.js'),require('./chunk-AME4HJR4.js'),require('./chunk-VWED6UTN.js');var chunkRFPLZDIO_js=require('./chunk-RFPLZDIO.js'),jsxRuntime=require('react/jsx-runtime'),react=require('react');var L=[{id:"unauthorized_access",name:"Unauthorized Access",description:"Unauthorized access to personal data",defaultSeverity:"high"},{id:"data_loss",name:"Data Loss",description:"Loss of personal data",defaultSeverity:"high"},{id:"data_theft",name:"Data Theft",description:"Theft of personal data",defaultSeverity:"critical"},{id:"system_breach",name:"System Breach",description:"Breach of system containing personal data",defaultSeverity:"critical"},{id:"accidental_disclosure",name:"Accidental Disclosure",description:"Unintended disclosure of personal data",defaultSeverity:"medium"}],I=({categories:c=L,adapter:s,classNames:u,unstyled:p,onSubmit:o=()=>{}})=>jsxRuntime.jsx(chunkS6COXIZA_js.a,{categories:c,onSubmit:d=>{s&&s.save(d),o(d);},classNames:u,unstyled:p});var k=[{id:"project_overview",title:"Project Overview",description:"Provide basic details about the processing activity being assessed.",order:0,questions:[{id:"project_name",text:"What is the name of the project or processing activity?",type:"text",required:true},{id:"project_description",text:"Describe the nature and purpose of the processing.",guidance:"Include what personal data will be collected, why it is needed, and how it will be used.",type:"textarea",required:true},{id:"data_controller",text:"Who is the data controller responsible for this processing?",type:"text",required:true}]},{id:"necessity",title:"Necessity & Proportionality",description:"Assess whether the processing is necessary and proportionate to the purposes.",order:1,questions:[{id:"lawful_basis",text:"What is the lawful basis for processing under the NDPA 2023?",type:"select",required:true,options:[{value:"consent",label:"Consent (Section 25(1)(a))"},{value:"contract",label:"Contract (Section 25(1)(b))"},{value:"legal_obligation",label:"Legal Obligation (Section 25(1)(c))"},{value:"vital_interests",label:"Vital Interests (Section 25(1)(d))"},{value:"public_task",label:"Public Task (Section 25(1)(e))"},{value:"legitimate_interests",label:"Legitimate Interests (Section 25(1)(f))"}]},{id:"data_minimisation",text:"Is the processing limited to what is necessary for the specified purpose?",type:"radio",required:true,options:[{value:"yes",label:"Yes \u2014 only minimum data is collected",riskLevel:"low"},{value:"partial",label:"Partially \u2014 some additional data may be collected",riskLevel:"medium"},{value:"no",label:"No \u2014 more data is collected than strictly necessary",riskLevel:"high"}]}]},{id:"risk_identification",title:"Risk Identification",description:"Identify and assess risks to data subjects arising from the processing.",order:2,questions:[{id:"sensitive_data",text:"Does the processing involve sensitive personal data (e.g., health, biometric, financial, children's data)?",type:"radio",required:true,options:[{value:"no",label:"No sensitive data",riskLevel:"low"},{value:"yes_protected",label:"Yes, with appropriate safeguards",riskLevel:"medium"},{value:"yes_unprotected",label:"Yes, without adequate safeguards",riskLevel:"high"}]},{id:"scale",text:"What is the scale of processing?",type:"radio",required:true,options:[{value:"small",label:"Small scale (fewer than 1,000 individuals)",riskLevel:"low"},{value:"medium",label:"Medium scale (1,000 to 100,000 individuals)",riskLevel:"medium"},{value:"large",label:"Large scale (over 100,000 individuals)",riskLevel:"high"}]},{id:"cross_border",text:"Will data be transferred outside Nigeria?",type:"radio",required:true,options:[{value:"no",label:"No international transfers",riskLevel:"low"},{value:"adequate",label:"Yes, to countries with adequate protection",riskLevel:"medium"},{value:"inadequate",label:"Yes, to countries without adequate protection",riskLevel:"high"}]}]},{id:"mitigation",title:"Risk Mitigation & Measures",description:"Document the measures taken to address identified risks.",order:3,questions:[{id:"security_measures",text:"What technical and organisational security measures are in place?",guidance:"Include encryption, access controls, pseudonymisation, staff training, etc.",type:"textarea",required:true},{id:"retention_period",text:"What is the data retention period?",guidance:"Specify how long data will be kept and the criteria used to determine this.",type:"text",required:true},{id:"dpo_consulted",text:"Has the Data Protection Officer (DPO) been consulted on this assessment?",type:"radio",required:false,options:[{value:"yes",label:"Yes",riskLevel:"low"},{value:"no",label:"No",riskLevel:"medium"},{value:"na",label:"Not applicable \u2014 no DPO appointed",riskLevel:"medium"}]}]}],_=({sections:c=k,adapter:s,classNames:u,unstyled:p,onComplete:o=()=>{}})=>{let[n,d]=react.useState({}),[m,f]=react.useState(0),P=(a,C)=>{d(S=>chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},S),{[a]:C}));},e=()=>{m<c.length-1?f(a=>a+1):(s&&s.save(n),o(n));},t=()=>{m>0&&f(a=>a-1);},r=Math.round((m+1)/c.length*100);return jsxRuntime.jsx(chunkWDDCKYWA_js.a,{sections:c,answers:n,onAnswerChange:P,currentSectionIndex:m,onNextSection:e,onPrevSection:t,progress:r,classNames:u,unstyled:p})};var F=({initialActivities:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=react.useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsxRuntime.jsx(chunkPZRQWPWD_js.a,{activities:o,onAddActivity:e=>{let t=Date.now(),r=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},e),{id:`activity-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateActivity:(e,t)=>{let r=o.map(a=>a.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onArchiveActivity:e=>{let t=o.map(r=>r.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},r),{status:"inactive",updatedAt:Date.now()}):r);n(t),d(t);},classNames:u,unstyled:p})};var W=({initialTransfers:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=react.useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsxRuntime.jsx(chunkI3Y4LOSL_js.a,{transfers:o,onAddTransfer:e=>{let t=Date.now(),r=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},e),{id:`transfer-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateTransfer:(e,t)=>{let r=o.map(a=>a.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onRemoveTransfer:e=>{let t=o.filter(r=>r.id!==e);n(t),d(t);},classNames:u,unstyled:p})};var j={id:"ndpr-ropa-default",organizationName:"Your Organisation",organizationContact:"",organizationAddress:"",records:[],lastUpdated:Date.now(),version:"1.0"},V=({initialData:c,adapter:s,classNames:u,unstyled:p})=>{let[o,n]=react.useState(c!=null?c:j);react.useEffect(()=>{if(!s)return;let e=false;return chunkRFPLZDIO_js.d(null,null,function*(){let r=yield s.load();!e&&r&&n(r);}),()=>{e=true;}},[s]);let d=e=>{s&&s.save(e);};return jsxRuntime.jsx(chunk5GVMKUMP_js.a,{ropa:o,onAddRecord:e=>{let t=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},o),{records:[...o.records,e],lastUpdated:Date.now()});n(t),d(t);},onUpdateRecord:(e,t)=>{let r=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},o),{records:o.records.map(a=>a.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},a),t),{updatedAt:Date.now()}):a),lastUpdated:Date.now()});n(r),d(r);},onArchiveRecord:e=>{let t=chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},o),{records:o.records.map(r=>r.id===e?chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a({},r),{status:"archived",updatedAt:Date.now()}):r),lastUpdated:Date.now()});n(t),d(t);},classNames:u,unstyled:p})};var G=u=>{var p=u,{input:c}=p,s=chunkRFPLZDIO_js.c(p,["input"]);let o=chunkQPRYXVH2_js.a(c);return jsxRuntime.jsx(chunkNUWVPRNI_js.a,chunkRFPLZDIO_js.a({report:o},s))};Object.defineProperty(exports,"NDPRConsent",{enumerable:true,get:function(){return chunkV3RYHNHN_js.a}});Object.defineProperty(exports,"NDPRSubjectRights",{enumerable:true,get:function(){return chunkXS3Z4UT7_js.a}});Object.defineProperty(exports,"NDPRPrivacyPolicy",{enumerable:true,get:function(){return chunk5IOC3VAW_js.a}});exports.NDPRBreachReport=I;exports.NDPRComplianceDashboard=G;exports.NDPRCrossBorder=W;exports.NDPRDPIA=_;exports.NDPRLawfulBasis=F;exports.NDPRROPA=V;

package/dist/presets.mjs

@@ -1,2 +1,2 @@
 "use client";
-export{a as NDPRPrivacyPolicy}from'./chunk-RV2VMWZJ.mjs';import'./chunk-BNHQFZHL.mjs';export{a as NDPRConsent}from'./chunk-LTPSN2SU.mjs';export{a as NDPRSubjectRights}from'./chunk-SJRIOZ4K.mjs';import {a as a$7}from'./chunk-ZIZL37BG.mjs';import {a as a$2}from'./chunk-COD3RMTL.mjs';import {a as a$4}from'./chunk-GTYXVAJX.mjs';import {a as a$5}from'./chunk-EXEXUAF6.mjs';import'./chunk-O6CUBNXK.mjs';import'./chunk-AOHKVFAS.mjs';import {a as a$6}from'./chunk-EFIBHKQE.mjs';import'./chunk-RMQ7OLNY.mjs';import'./chunk-LWIKDDSU.mjs';import'./chunk-7BJXI2HI.mjs';import'./chunk-XP5PL6K7.mjs';import'./chunk-BFAX7JQA.mjs';import'./chunk-YTU4FNM2.mjs';import'./chunk-XJO4DH3L.mjs';import {a as a$1}from'./chunk-ZQZJNKVB.mjs';import {a}from'./chunk-ZHFLBL63.mjs';import'./chunk-EWVK45Z3.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-SFGW37LE.mjs';import'./chunk-DBZSN4WP.mjs';import {b,a as a$3,d,c}from'./chunk-ZJYULEER.mjs';import {jsx}from'react/jsx-runtime';import {useState,useEffect}from'react';var L=[{id:"unauthorized_access",name:"Unauthorized Access",description:"Unauthorized access to personal data",defaultSeverity:"high"},{id:"data_loss",name:"Data Loss",description:"Loss of personal data",defaultSeverity:"high"},{id:"data_theft",name:"Data Theft",description:"Theft of personal data",defaultSeverity:"critical"},{id:"system_breach",name:"System Breach",description:"Breach of system containing personal data",defaultSeverity:"critical"},{id:"accidental_disclosure",name:"Accidental Disclosure",description:"Unintended disclosure of personal data",defaultSeverity:"medium"}],I=({categories:c=L,adapter:s,classNames:u,unstyled:p,onSubmit:o=()=>{}})=>jsx(a,{categories:c,onSubmit:d=>{s&&s.save(d),o(d);},classNames:u,unstyled:p});var k=[{id:"project_overview",title:"Project Overview",description:"Provide basic details about the processing activity being assessed.",order:0,questions:[{id:"project_name",text:"What is the name of the project or processing activity?",type:"text",required:true},{id:"project_description",text:"Describe the nature and purpose of the processing.",guidance:"Include what personal data will be collected, why it is needed, and how it will be used.",type:"textarea",required:true},{id:"data_controller",text:"Who is the data controller responsible for this processing?",type:"text",required:true}]},{id:"necessity",title:"Necessity & Proportionality",description:"Assess whether the processing is necessary and proportionate to the purposes.",order:1,questions:[{id:"lawful_basis",text:"What is the lawful basis for processing under the NDPA 2023?",type:"select",required:true,options:[{value:"consent",label:"Consent (Section 25(1)(a))"},{value:"contract",label:"Contract (Section 25(1)(b))"},{value:"legal_obligation",label:"Legal Obligation (Section 25(1)(c))"},{value:"vital_interests",label:"Vital Interests (Section 25(1)(d))"},{value:"public_task",label:"Public Task (Section 25(1)(e))"},{value:"legitimate_interests",label:"Legitimate Interests (Section 25(1)(f))"}]},{id:"data_minimisation",text:"Is the processing limited to what is necessary for the specified purpose?",type:"radio",required:true,options:[{value:"yes",label:"Yes \u2014 only minimum data is collected",riskLevel:"low"},{value:"partial",label:"Partially \u2014 some additional data may be collected",riskLevel:"medium"},{value:"no",label:"No \u2014 more data is collected than strictly necessary",riskLevel:"high"}]}]},{id:"risk_identification",title:"Risk Identification",description:"Identify and assess risks to data subjects arising from the processing.",order:2,questions:[{id:"sensitive_data",text:"Does the processing involve sensitive personal data (e.g., health, biometric, financial, children's data)?",type:"radio",required:true,options:[{value:"no",label:"No sensitive data",riskLevel:"low"},{value:"yes_protected",label:"Yes, with appropriate safeguards",riskLevel:"medium"},{value:"yes_unprotected",label:"Yes, without adequate safeguards",riskLevel:"high"}]},{id:"scale",text:"What is the scale of processing?",type:"radio",required:true,options:[{value:"small",label:"Small scale (fewer than 1,000 individuals)",riskLevel:"low"},{value:"medium",label:"Medium scale (1,000 to 100,000 individuals)",riskLevel:"medium"},{value:"large",label:"Large scale (over 100,000 individuals)",riskLevel:"high"}]},{id:"cross_border",text:"Will data be transferred outside Nigeria?",type:"radio",required:true,options:[{value:"no",label:"No international transfers",riskLevel:"low"},{value:"adequate",label:"Yes, to countries with adequate protection",riskLevel:"medium"},{value:"inadequate",label:"Yes, to countries without adequate protection",riskLevel:"high"}]}]},{id:"mitigation",title:"Risk Mitigation & Measures",description:"Document the measures taken to address identified risks.",order:3,questions:[{id:"security_measures",text:"What technical and organisational security measures are in place?",guidance:"Include encryption, access controls, pseudonymisation, staff training, etc.",type:"textarea",required:true},{id:"retention_period",text:"What is the data retention period?",guidance:"Specify how long data will be kept and the criteria used to determine this.",type:"text",required:true},{id:"dpo_consulted",text:"Has the Data Protection Officer (DPO) been consulted on this assessment?",type:"radio",required:false,options:[{value:"yes",label:"Yes",riskLevel:"low"},{value:"no",label:"No",riskLevel:"medium"},{value:"na",label:"Not applicable \u2014 no DPO appointed",riskLevel:"medium"}]}]}],_=({sections:c=k,adapter:s,classNames:u,unstyled:p,onComplete:o=()=>{}})=>{let[n,d]=useState({}),[m,f]=useState(0),P=(a,C)=>{d(S=>b(a$3({},S),{[a]:C}));},e=()=>{m<c.length-1?f(a=>a+1):(s&&s.save(n),o(n));},t=()=>{m>0&&f(a=>a-1);},r=Math.round((m+1)/c.length*100);return jsx(a$1,{sections:c,answers:n,onAnswerChange:P,currentSectionIndex:m,onNextSection:e,onPrevSection:t,progress:r,classNames:u,unstyled:p})};var F=({initialActivities:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsx(a$2,{activities:o,onAddActivity:e=>{let t=Date.now(),r=b(a$3({},e),{id:`activity-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateActivity:(e,t)=>{let r=o.map(a=>a.id===e?b(a$3(a$3({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onArchiveActivity:e=>{let t=o.map(r=>r.id===e?b(a$3({},r),{status:"inactive",updatedAt:Date.now()}):r);n(t),d(t);},classNames:u,unstyled:p})};var W=({initialTransfers:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsx(a$4,{transfers:o,onAddTransfer:e=>{let t=Date.now(),r=b(a$3({},e),{id:`transfer-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateTransfer:(e,t)=>{let r=o.map(a=>a.id===e?b(a$3(a$3({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onRemoveTransfer:e=>{let t=o.filter(r=>r.id!==e);n(t),d(t);},classNames:u,unstyled:p})};var j={id:"ndpr-ropa-default",organizationName:"Your Organisation",organizationContact:"",organizationAddress:"",records:[],lastUpdated:Date.now(),version:"1.0"},V=({initialData:c,adapter:s,classNames:u,unstyled:p})=>{let[o,n]=useState(c!=null?c:j);useEffect(()=>{if(!s)return;let e=false;return d(null,null,function*(){let r=yield s.load();!e&&r&&n(r);}),()=>{e=true;}},[s]);let d$1=e=>{s&&s.save(e);};return jsx(a$5,{ropa:o,onAddRecord:e=>{let t=b(a$3({},o),{records:[...o.records,e],lastUpdated:Date.now()});n(t),d$1(t);},onUpdateRecord:(e,t)=>{let r=b(a$3({},o),{records:o.records.map(a=>a.id===e?b(a$3(a$3({},a),t),{updatedAt:Date.now()}):a),lastUpdated:Date.now()});n(r),d$1(r);},onArchiveRecord:e=>{let t=b(a$3({},o),{records:o.records.map(r=>r.id===e?b(a$3({},r),{status:"archived",updatedAt:Date.now()}):r),lastUpdated:Date.now()});n(t),d$1(t);},classNames:u,unstyled:p})};var G=u=>{var p=u,{input:c$1}=p,s=c(p,["input"]);let o=a$6(c$1);return jsx(a$7,a$3({report:o},s))};export{I as NDPRBreachReport,G as NDPRComplianceDashboard,W as NDPRCrossBorder,_ as NDPRDPIA,F as NDPRLawfulBasis,V as NDPRROPA};
+export{a as NDPRConsent}from'./chunk-LTPSN2SU.mjs';export{a as NDPRSubjectRights}from'./chunk-EFIWANHF.mjs';export{a as NDPRPrivacyPolicy}from'./chunk-R7545FP4.mjs';import'./chunk-ATFUSHC2.mjs';import {a as a$7}from'./chunk-ZIZL37BG.mjs';import {a}from'./chunk-ZHFLBL63.mjs';import {a as a$2}from'./chunk-COD3RMTL.mjs';import {a as a$4}from'./chunk-GTYXVAJX.mjs';import {a as a$5}from'./chunk-EXEXUAF6.mjs';import'./chunk-UKLU6BQF.mjs';import'./chunk-2MIQXECH.mjs';import'./chunk-AOHKVFAS.mjs';import {a as a$6}from'./chunk-EFIBHKQE.mjs';import'./chunk-RMQ7OLNY.mjs';import'./chunk-7BJXI2HI.mjs';import'./chunk-LWIKDDSU.mjs';import'./chunk-XP5PL6K7.mjs';import'./chunk-BFAX7JQA.mjs';import'./chunk-YTU4FNM2.mjs';import'./chunk-XJO4DH3L.mjs';import'./chunk-EWVK45Z3.mjs';import {a as a$1}from'./chunk-ZQZJNKVB.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-SFGW37LE.mjs';import'./chunk-DBZSN4WP.mjs';import {b,a as a$3,d,c}from'./chunk-ZJYULEER.mjs';import {jsx}from'react/jsx-runtime';import {useState,useEffect}from'react';var L=[{id:"unauthorized_access",name:"Unauthorized Access",description:"Unauthorized access to personal data",defaultSeverity:"high"},{id:"data_loss",name:"Data Loss",description:"Loss of personal data",defaultSeverity:"high"},{id:"data_theft",name:"Data Theft",description:"Theft of personal data",defaultSeverity:"critical"},{id:"system_breach",name:"System Breach",description:"Breach of system containing personal data",defaultSeverity:"critical"},{id:"accidental_disclosure",name:"Accidental Disclosure",description:"Unintended disclosure of personal data",defaultSeverity:"medium"}],I=({categories:c=L,adapter:s,classNames:u,unstyled:p,onSubmit:o=()=>{}})=>jsx(a,{categories:c,onSubmit:d=>{s&&s.save(d),o(d);},classNames:u,unstyled:p});var k=[{id:"project_overview",title:"Project Overview",description:"Provide basic details about the processing activity being assessed.",order:0,questions:[{id:"project_name",text:"What is the name of the project or processing activity?",type:"text",required:true},{id:"project_description",text:"Describe the nature and purpose of the processing.",guidance:"Include what personal data will be collected, why it is needed, and how it will be used.",type:"textarea",required:true},{id:"data_controller",text:"Who is the data controller responsible for this processing?",type:"text",required:true}]},{id:"necessity",title:"Necessity & Proportionality",description:"Assess whether the processing is necessary and proportionate to the purposes.",order:1,questions:[{id:"lawful_basis",text:"What is the lawful basis for processing under the NDPA 2023?",type:"select",required:true,options:[{value:"consent",label:"Consent (Section 25(1)(a))"},{value:"contract",label:"Contract (Section 25(1)(b))"},{value:"legal_obligation",label:"Legal Obligation (Section 25(1)(c))"},{value:"vital_interests",label:"Vital Interests (Section 25(1)(d))"},{value:"public_task",label:"Public Task (Section 25(1)(e))"},{value:"legitimate_interests",label:"Legitimate Interests (Section 25(1)(f))"}]},{id:"data_minimisation",text:"Is the processing limited to what is necessary for the specified purpose?",type:"radio",required:true,options:[{value:"yes",label:"Yes \u2014 only minimum data is collected",riskLevel:"low"},{value:"partial",label:"Partially \u2014 some additional data may be collected",riskLevel:"medium"},{value:"no",label:"No \u2014 more data is collected than strictly necessary",riskLevel:"high"}]}]},{id:"risk_identification",title:"Risk Identification",description:"Identify and assess risks to data subjects arising from the processing.",order:2,questions:[{id:"sensitive_data",text:"Does the processing involve sensitive personal data (e.g., health, biometric, financial, children's data)?",type:"radio",required:true,options:[{value:"no",label:"No sensitive data",riskLevel:"low"},{value:"yes_protected",label:"Yes, with appropriate safeguards",riskLevel:"medium"},{value:"yes_unprotected",label:"Yes, without adequate safeguards",riskLevel:"high"}]},{id:"scale",text:"What is the scale of processing?",type:"radio",required:true,options:[{value:"small",label:"Small scale (fewer than 1,000 individuals)",riskLevel:"low"},{value:"medium",label:"Medium scale (1,000 to 100,000 individuals)",riskLevel:"medium"},{value:"large",label:"Large scale (over 100,000 individuals)",riskLevel:"high"}]},{id:"cross_border",text:"Will data be transferred outside Nigeria?",type:"radio",required:true,options:[{value:"no",label:"No international transfers",riskLevel:"low"},{value:"adequate",label:"Yes, to countries with adequate protection",riskLevel:"medium"},{value:"inadequate",label:"Yes, to countries without adequate protection",riskLevel:"high"}]}]},{id:"mitigation",title:"Risk Mitigation & Measures",description:"Document the measures taken to address identified risks.",order:3,questions:[{id:"security_measures",text:"What technical and organisational security measures are in place?",guidance:"Include encryption, access controls, pseudonymisation, staff training, etc.",type:"textarea",required:true},{id:"retention_period",text:"What is the data retention period?",guidance:"Specify how long data will be kept and the criteria used to determine this.",type:"text",required:true},{id:"dpo_consulted",text:"Has the Data Protection Officer (DPO) been consulted on this assessment?",type:"radio",required:false,options:[{value:"yes",label:"Yes",riskLevel:"low"},{value:"no",label:"No",riskLevel:"medium"},{value:"na",label:"Not applicable \u2014 no DPO appointed",riskLevel:"medium"}]}]}],_=({sections:c=k,adapter:s,classNames:u,unstyled:p,onComplete:o=()=>{}})=>{let[n,d]=useState({}),[m,f]=useState(0),P=(a,C)=>{d(S=>b(a$3({},S),{[a]:C}));},e=()=>{m<c.length-1?f(a=>a+1):(s&&s.save(n),o(n));},t=()=>{m>0&&f(a=>a-1);},r=Math.round((m+1)/c.length*100);return jsx(a$1,{sections:c,answers:n,onAnswerChange:P,currentSectionIndex:m,onNextSection:e,onPrevSection:t,progress:r,classNames:u,unstyled:p})};var F=({initialActivities:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsx(a$2,{activities:o,onAddActivity:e=>{let t=Date.now(),r=b(a$3({},e),{id:`activity-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateActivity:(e,t)=>{let r=o.map(a=>a.id===e?b(a$3(a$3({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onArchiveActivity:e=>{let t=o.map(r=>r.id===e?b(a$3({},r),{status:"inactive",updatedAt:Date.now()}):r);n(t),d(t);},classNames:u,unstyled:p})};var W=({initialTransfers:c=[],adapter:s,classNames:u,unstyled:p})=>{let[o,n]=useState(()=>{if(s){let e=s.load();if(e&&!(e instanceof Promise))return e}return c}),d=e=>{s&&s.save(e);};return jsx(a$4,{transfers:o,onAddTransfer:e=>{let t=Date.now(),r=b(a$3({},e),{id:`transfer-${t}`,createdAt:t,updatedAt:t}),a=[...o,r];n(a),d(a);},onUpdateTransfer:(e,t)=>{let r=o.map(a=>a.id===e?b(a$3(a$3({},a),t),{updatedAt:Date.now()}):a);n(r),d(r);},onRemoveTransfer:e=>{let t=o.filter(r=>r.id!==e);n(t),d(t);},classNames:u,unstyled:p})};var j={id:"ndpr-ropa-default",organizationName:"Your Organisation",organizationContact:"",organizationAddress:"",records:[],lastUpdated:Date.now(),version:"1.0"},V=({initialData:c,adapter:s,classNames:u,unstyled:p})=>{let[o,n]=useState(c!=null?c:j);useEffect(()=>{if(!s)return;let e=false;return d(null,null,function*(){let r=yield s.load();!e&&r&&n(r);}),()=>{e=true;}},[s]);let d$1=e=>{s&&s.save(e);};return jsx(a$5,{ropa:o,onAddRecord:e=>{let t=b(a$3({},o),{records:[...o.records,e],lastUpdated:Date.now()});n(t),d$1(t);},onUpdateRecord:(e,t)=>{let r=b(a$3({},o),{records:o.records.map(a=>a.id===e?b(a$3(a$3({},a),t),{updatedAt:Date.now()}):a),lastUpdated:Date.now()});n(r),d$1(r);},onArchiveRecord:e=>{let t=b(a$3({},o),{records:o.records.map(r=>r.id===e?b(a$3({},r),{status:"archived",updatedAt:Date.now()}):r),lastUpdated:Date.now()});n(t),d$1(t);},classNames:u,unstyled:p})};var G=u=>{var p=u,{input:c$1}=p,s=c(p,["input"]);let o=a$6(c$1);return jsx(a$7,a$3({report:o},s))};export{I as NDPRBreachReport,G as NDPRComplianceDashboard,W as NDPRCrossBorder,_ as NDPRDPIA,F as NDPRLawfulBasis,V as NDPRROPA};

package/dist/ropa-lite.d.mts

@@ -0,0 +1,218 @@
+import React__default from 'react';
+
+/**
+ * Generates a summary of the Record of Processing Activities.
+ * Provides statistics and identifies records that are due for review.
+ *
+ * @param ropa - The full Record of Processing Activities
+ * @returns Summary statistics for the ROPA
+ */
+export declare function generateROPASummary(ropa: RecordOfProcessingActivities): ROPASummary;
+
+/**
+ * Identifies compliance gaps in the Record of Processing Activities.
+ * Finds records that are missing required information per NDPA 2023.
+ *
+ * @param ropa - The full Record of Processing Activities
+ * @returns Array of compliance gaps grouped by record
+ */
+export declare function identifyComplianceGaps(ropa: RecordOfProcessingActivities): ROPAComplianceGap[];
+
+/**
+ * Lawful Basis types aligned with NDPA 2023 Part III (Sections 24-28)
+ * Every processing activity must have a documented lawful basis
+ */
+/**
+ * The six lawful bases for processing personal data per NDPA Section 25(1)
+ */
+declare type LawfulBasis = 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_interest' | 'legitimate_interests';
+
+/**
+ * Record of Processing Activities (ROPA) types aligned with NDPA 2023
+ * Data controllers must maintain comprehensive records of all processing activities
+ */
+
+/**
+ * Represents a single processing record in the ROPA
+ */
+export declare interface ProcessingRecord {
+    /** Unique identifier */
+    id: string;
+    /** Name of the processing activity */
+    name: string;
+    /** Detailed description of the processing */
+    description: string;
+    /** Data controller details */
+    controllerDetails: {
+        name: string;
+        contact: string;
+        address: string;
+        registrationNumber?: string;
+        dpoContact?: string;
+    };
+    /** Joint controller details (if applicable) */
+    jointControllerDetails?: {
+        name: string;
+        contact: string;
+        address: string;
+        responsibilities: string;
+    };
+    /** Data processor details (if processing is outsourced) */
+    processorDetails?: {
+        name: string;
+        contact: string;
+        address: string;
+        contractReference?: string;
+    };
+    /** Lawful basis for the processing */
+    lawfulBasis: LawfulBasis;
+    /** Justification for the chosen lawful basis */
+    lawfulBasisJustification: string;
+    /** Purposes of the processing */
+    purposes: string[];
+    /** Categories of personal data processed */
+    dataCategories: string[];
+    /** Categories of sensitive personal data (if any) */
+    sensitiveDataCategories?: string[];
+    /** Categories of data subjects */
+    dataSubjectCategories: string[];
+    /** Recipients or categories of recipients */
+    recipients: string[];
+    /** Cross-border transfer details */
+    crossBorderTransfers?: Array<{
+        destinationCountry: string;
+        countryCode?: string;
+        safeguards: string;
+        transferMechanism: string;
+    }>;
+    /** Data retention period */
+    retentionPeriod: string;
+    /** Justification for the retention period */
+    retentionJustification?: string;
+    /** Technical and organizational security measures */
+    securityMeasures: string[];
+    /** Data source (directly from data subject or from third party) */
+    dataSource: 'data_subject' | 'third_party' | 'public_source' | 'other';
+    /** Third-party source details (if dataSource is 'third_party') */
+    thirdPartySourceDetails?: string;
+    /** Whether a DPIA is required for this processing */
+    dpiaRequired: boolean;
+    /** Reference to the DPIA (if conducted) */
+    dpiaReference?: string;
+    /** Whether automated decision-making is involved */
+    automatedDecisionMaking: boolean;
+    /** Details of automated decision-making (if applicable) */
+    automatedDecisionMakingDetails?: string;
+    /** Status of the processing record */
+    status: 'active' | 'inactive' | 'archived';
+    /** Department or business unit responsible */
+    department?: string;
+    /** System or application used for processing */
+    systemsUsed?: string[];
+    /** Timestamp when the record was created */
+    createdAt: number;
+    /** Timestamp when the record was last updated */
+    updatedAt: number;
+    /** Timestamp when the record was last reviewed */
+    lastReviewedAt?: number;
+    /** Next review date */
+    nextReviewDate?: number;
+}
+
+/**
+ * Represents a complete Record of Processing Activities
+ */
+export declare interface RecordOfProcessingActivities {
+    /** Unique identifier */
+    id: string;
+    /** Organization name */
+    organizationName: string;
+    /** Organization contact information */
+    organizationContact: string;
+    /** Organization address */
+    organizationAddress: string;
+    /** Data Protection Officer details */
+    dpoDetails?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
+    /** NDPC registration number */
+    ndpcRegistrationNumber?: string;
+    /** All processing records */
+    records: ProcessingRecord[];
+    /** Timestamp when the ROPA was last updated */
+    lastUpdated: number;
+    /** Version of the ROPA */
+    version: string;
+    /** Export format options */
+    exportFormats?: ('pdf' | 'csv' | 'json' | 'xlsx')[];
+}
+
+/**
+ * Compliance gap found in a processing record
+ */
+export declare interface ROPAComplianceGap {
+    recordId: string;
+    recordName: string;
+    gaps: string[];
+}
+
+export declare const ROPAManagerLite: React__default.FC<ROPAManagerLiteProps>;
+
+export declare interface ROPAManagerLiteClassNames {
+    root?: string;
+    header?: string;
+    title?: string;
+    summary?: string;
+    summaryCard?: string;
+    table?: string;
+    tableHeader?: string;
+    tableRow?: string;
+    statusBadge?: string;
+    complianceScore?: string;
+    gapAlert?: string;
+}
+
+export declare interface ROPAManagerLiteProps {
+    records: ProcessingRecord[];
+    title?: string;
+    description?: string;
+    className?: string;
+    classNames?: ROPAManagerLiteClassNames;
+    unstyled?: boolean;
+    showSummary?: boolean;
+    showComplianceGaps?: boolean;
+    onRecordClick?: (record: ProcessingRecord) => void;
+}
+
+/**
+ * Summary statistics for the ROPA
+ */
+export declare interface ROPASummary {
+    /** Total number of processing records */
+    totalRecords: number;
+    /** Active processing records */
+    activeRecords: number;
+    /** Records by lawful basis */
+    byLawfulBasis: Record<LawfulBasis, number>;
+    /** Records involving sensitive data */
+    sensitiveDataRecords: number;
+    /** Records involving cross-border transfers */
+    crossBorderRecords: number;
+    /** Records requiring DPIA */
+    dpiaRequiredRecords: number;
+    /** Records involving automated decision-making */
+    automatedDecisionRecords: number;
+    /** Records due for review */
+    recordsDueForReview: ProcessingRecord[];
+    /** Departments with most processing activities */
+    topDepartments: Array<{
+        department: string;
+        count: number;
+    }>;
+    /** Last updated timestamp */
+    lastUpdated: number;
+}
+
+export { }