@tantainnovative/ndpr-toolkit 5.2.0 → 5.4.0

package/dist/headless.d.ts

@@ -27,9 +27,183 @@ declare interface BreachCategory {
 declare type BreachCompositeState = {
     reports: BreachReport[];
     assessments: RiskAssessment[];
-    notifications: RegulatoryNotification[];
+    notifications: RegulatoryNotification_2[];
 };
 
+export declare interface BreachNotificationAssessment {
+    /** Whether all applicable mandated content items are satisfied. */
+    complete: boolean;
+    /** Completeness of applicable content items, 0–100. */
+    completeness: number;
+    /** GAID 2025 Article 33(5) / NDPA S. 40(2) content of the notification to the Commission. */
+    notificationToCommission: BreachNotificationItem[];
+    /** NDPA S. 40(3) communication to data subjects — populated only when high-risk. */
+    dataSubjectCommunication: BreachNotificationItem[];
+    /** Whether a data-subject communication is owed (high risk). */
+    dataSubjectCommunicationRequired: boolean;
+    timing: BreachNotificationTiming;
+    /** Labels of unsatisfied applicable items. */
+    missing: string[];
+    /** Actionable next steps, including timing warnings. */
+    recommendations: string[];
+    asOf: number;
+}
+
+declare interface BreachNotificationAssessment_2 {
+    /** Whether all applicable mandated content items are satisfied. */
+    complete: boolean;
+    /** Completeness of applicable content items, 0–100. */
+    completeness: number;
+    /** GAID 2025 Article 33(5) / NDPA S. 40(2) content of the notification to the Commission. */
+    notificationToCommission: BreachNotificationItem_2[];
+    /** NDPA S. 40(3) communication to data subjects — populated only when high-risk. */
+    dataSubjectCommunication: BreachNotificationItem_2[];
+    /** Whether a data-subject communication is owed (high risk). */
+    dataSubjectCommunicationRequired: boolean;
+    timing: BreachNotificationTiming_2;
+    /** Labels of unsatisfied applicable items. */
+    missing: string[];
+    /** Actionable next steps, including timing warnings. */
+    recommendations: string[];
+    asOf: number;
+}
+
+export declare interface BreachNotificationItem {
+    /** Stable identifier for the requirement. */
+    id: string;
+    /** Human-readable requirement. */
+    label: string;
+    /** Authoritative citation, e.g. `GAID 2025 Art. 33(5)(a)`. */
+    section: string;
+    /** Whether the report satisfies it. */
+    satisfied: boolean;
+}
+
+declare interface BreachNotificationItem_2 {
+    /** Stable identifier for the requirement. */
+    id: string;
+    /** Human-readable requirement. */
+    label: string;
+    /** Authoritative citation, e.g. `GAID 2025 Art. 33(5)(a)`. */
+    section: string;
+    /** Whether the report satisfies it. */
+    satisfied: boolean;
+}
+
+/**
+ * Personal-data-breach notification completeness checker for NDPA 2023
+ * Section 40, as detailed by NDPC General Application and Implementation
+ * Directive (GAID) 2025 Article 33.
+ *
+ * Section 40(2) requires a data controller to notify the Commission within 72
+ * hours of becoming aware of a breach likely to result in a risk to data
+ * subjects' rights and freedoms. GAID 2025 Article 33(5)(a)–(h) enumerates the
+ * content that a notification to the Commission "shall include". Where the
+ * breach is likely to result in a *high* risk, Section 40(3) additionally
+ * requires the controller to communicate the breach to affected data subjects
+ * in plain and clear language.
+ *
+ * This assesses a `BreachReport` against those requirements: which mandated
+ * content items are present, whether the 72-hour window is met, and whether a
+ * data-subject communication is owed. It is a documentation-completeness aid,
+ * not legal advice — verify against current NDPC guidance.
+ *
+ * @see NDPA 2023 Section 40 (Personal data breaches)
+ * @see NDPC GAID 2025 Article 33 (Data Breach Notification)
+ */
+
+export declare interface BreachNotificationOptions {
+    /** Risk assessment for the breach; drives whether data-subject communication is required. */
+    assessment?: RiskAssessment;
+    /** The regulatory notification actually sent, if any — used to judge timeliness. */
+    notification?: RegulatoryNotification_2;
+    /** Reference "now" in epoch ms. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Notification window in hours. Defaults to 72 (NDPA S. 40(2)). */
+    deadlineHours?: number;
+    /**
+     * Explicit high-risk flag (NDPA S. 40(3)). When omitted, derived from
+     * `assessment.highRisksToRightsAndFreedoms`.
+     */
+    highRisk?: boolean;
+}
+
+/**
+ * Personal-data-breach notification completeness checker for NDPA 2023
+ * Section 40, as detailed by NDPC General Application and Implementation
+ * Directive (GAID) 2025 Article 33.
+ *
+ * Section 40(2) requires a data controller to notify the Commission within 72
+ * hours of becoming aware of a breach likely to result in a risk to data
+ * subjects' rights and freedoms. GAID 2025 Article 33(5)(a)–(h) enumerates the
+ * content that a notification to the Commission "shall include". Where the
+ * breach is likely to result in a *high* risk, Section 40(3) additionally
+ * requires the controller to communicate the breach to affected data subjects
+ * in plain and clear language.
+ *
+ * This assesses a `BreachReport` against those requirements: which mandated
+ * content items are present, whether the 72-hour window is met, and whether a
+ * data-subject communication is owed. It is a documentation-completeness aid,
+ * not legal advice — verify against current NDPC guidance.
+ *
+ * @see NDPA 2023 Section 40 (Personal data breaches)
+ * @see NDPC GAID 2025 Article 33 (Data Breach Notification)
+ */
+
+declare interface BreachNotificationOptions_2 {
+    /** Risk assessment for the breach; drives whether data-subject communication is required. */
+    assessment?: RiskAssessment_2;
+    /** The regulatory notification actually sent, if any — used to judge timeliness. */
+    notification?: RegulatoryNotification;
+    /** Reference "now" in epoch ms. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Notification window in hours. Defaults to 72 (NDPA S. 40(2)). */
+    deadlineHours?: number;
+    /**
+     * Explicit high-risk flag (NDPA S. 40(3)). When omitted, derived from
+     * `assessment.highRisksToRightsAndFreedoms`.
+     */
+    highRisk?: boolean;
+}
+
+export declare interface BreachNotificationTiming {
+    /** `discoveredAt` + the notification window. */
+    deadline: number;
+    /** Whole hours between discovery and `asOf`. */
+    hoursSinceDiscovery: number;
+    /** Whether a regulatory notification has been recorded. */
+    notified: boolean;
+    /** When the regulatory notification was sent, if any. */
+    notifiedAt?: number;
+    /** Whether the notification (or, if none, `asOf`) falls within the deadline. */
+    withinDeadline: boolean;
+    /** Whole hours from `asOf` to the deadline (negative once past). */
+    hoursRemaining: number;
+    /** Whether the deadline has been missed. */
+    overdue: boolean;
+    /** Late filings must state the reasons for the delay (NDPA S. 40(2)). */
+    requiresDelayJustification: boolean;
+}
+
+declare interface BreachNotificationTiming_2 {
+    /** `discoveredAt` + the notification window. */
+    deadline: number;
+    /** Whole hours between discovery and `asOf`. */
+    hoursSinceDiscovery: number;
+    /** Whether a regulatory notification has been recorded. */
+    notified: boolean;
+    /** When the regulatory notification was sent, if any. */
+    notifiedAt?: number;
+    /** Whether the notification (or, if none, `asOf`) falls within the deadline. */
+    withinDeadline: boolean;
+    /** Whole hours from `asOf` to the deadline (negative once past). */
+    hoursRemaining: number;
+    /** Whether the deadline has been missed. */
+    overdue: boolean;
+    /** Late filings must state the reasons for the delay (NDPA S. 40(2)). */
+    requiresDelayJustification: boolean;
+}
+
 /**
  * Represents a data breach report
  */
@@ -118,6 +292,94 @@ export declare interface BreachReport {
     }>;
 }
 
+/**
+ * Represents a data breach report
+ */
+declare interface BreachReport_2 {
+    /** Unique identifier for the breach report */
+    id: string;
+    /** Title/summary of the breach */
+    title: string;
+    /** Detailed description of the breach */
+    description: string;
+    /** Category of the breach */
+    category: string;
+    /** Timestamp when the breach was discovered */
+    discoveredAt: number;
+    /** Timestamp when the breach occurred (if known) */
+    occurredAt?: number;
+    /** Timestamp when the breach was reported internally */
+    reportedAt: number;
+    /** Person who reported the breach */
+    reporter: {
+        name: string;
+        email: string;
+        department: string;
+        phone?: string;
+    };
+    /** Systems or data affected by the breach */
+    affectedSystems: string[];
+    /** Types of data involved in the breach */
+    dataTypes: string[];
+    /** Whether sensitive personal data is involved (NDPA Section 30) */
+    involvesSensitiveData?: boolean;
+    /** Estimated number of data subjects affected */
+    estimatedAffectedSubjects?: number;
+    /**
+     * Approximate number of personal data RECORDS concerned (distinct from subject count).
+     * Required content under NDPA Section 40(1)(a) and Section 40(2).
+     */
+    approximateRecordCount?: number;
+    /**
+     * Categories of data subjects affected (e.g. customers, employees, minors, patients).
+     * Required content under NDPA Section 40(1)(a) and Section 40(2).
+     */
+    dataSubjectCategories?: string[];
+    /**
+     * Likely consequences of the breach for affected data subjects (e.g. identity theft,
+     * financial loss, reputational damage). Reported to the NDPC and, where applicable,
+     * communicated to data subjects under Section 40(3).
+     */
+    likelyConsequences?: string;
+    /**
+     * Measures taken or proposed to mitigate adverse effects of the breach.
+     * Required content for Section 40(3) communications to data subjects.
+     */
+    mitigationMeasures?: string;
+    /**
+     * Whether this is a phased / interim report submitted before full investigation
+     * is complete. The NDPC permits phased reporting where complete information is
+     * not available within 72 hours.
+     */
+    isPhasedReport?: boolean;
+    /**
+     * ID of the prior phased report this report supplements, if any.
+     */
+    supplementsReportId?: string;
+    /**
+     * Data Protection Officer contact details. The DPO is the named contact point
+     * for the NDPC per NDPA Section 32(3)(c). Required content in the regulatory
+     * report (Section 40(2)).
+     */
+    dpoContact?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
+    /** Whether the breach is ongoing or contained */
+    status: 'ongoing' | 'contained' | 'resolved';
+    /** Initial actions taken to address the breach */
+    initialActions?: string;
+    /** Attachments related to the breach */
+    attachments?: Array<{
+        id: string;
+        name: string;
+        type: string;
+        url: string;
+        addedAt: number;
+    }>;
+}
+
 /**
  * Compliance Audit Returns (CAR) scheduling under the NDPC General Application
  * and Implementation Directive (GAID) 2025.
@@ -1594,6 +1856,57 @@ declare interface RegulatoryNotification {
     };
 }
 
+/**
+ * Represents a notification sent to the NDPC (Nigeria Data Protection Commission)
+ */
+declare interface RegulatoryNotification_2 {
+    /** Unique identifier for the notification */
+    id: string;
+    /** ID of the breach this notification is for */
+    breachId: string;
+    /** Timestamp when the notification was sent */
+    sentAt: number;
+    /** Method used to send the notification */
+    method: 'email' | 'portal' | 'letter' | 'other';
+    /** Reference number assigned by the NDPC (if available) */
+    referenceNumber?: string;
+    /** Contact person at the NDPC */
+    ndpcContact?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
+    /** Content of the notification */
+    content: string;
+    /** Attachments included with the notification */
+    attachments?: Array<{
+        id: string;
+        name: string;
+        type: string;
+        url: string;
+    }>;
+    /** Follow-up communications with the NDPC */
+    followUps?: Array<{
+        timestamp: number;
+        direction: 'sent' | 'received';
+        content: string;
+        attachments?: Array<{
+            id: string;
+            name: string;
+            type: string;
+            url: string;
+        }>;
+    }>;
+    /**
+     * @deprecated Use ndpcContact instead. Kept for backward compatibility.
+     */
+    nitdaContact?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
+}
+
 declare interface RegulatoryReference {
     section: string;
     title: string;
@@ -1684,6 +1997,44 @@ export declare interface RiskAssessment {
     justification: string;
 }
 
+/**
+ * Represents a risk assessment for a data breach
+ */
+declare interface RiskAssessment_2 {
+    /** Unique identifier for the risk assessment */
+    id: string;
+    /** ID of the breach this assessment is for */
+    breachId: string;
+    /** Timestamp when the assessment was conducted */
+    assessedAt: number;
+    /** Person who conducted the assessment */
+    assessor: {
+        name: string;
+        role: string;
+        email: string;
+    };
+    /** Confidentiality impact (1-5) */
+    confidentialityImpact: number;
+    /** Integrity impact (1-5) */
+    integrityImpact: number;
+    /** Availability impact (1-5) */
+    availabilityImpact: number;
+    /** Likelihood of harm to data subjects (1-5) */
+    harmLikelihood: number;
+    /** Severity of potential harm to data subjects (1-5) */
+    harmSeverity: number;
+    /** Overall risk score */
+    overallRiskScore: number;
+    /** Risk level based on the overall score */
+    riskLevel: 'low' | 'medium' | 'high' | 'critical';
+    /** Whether the breach is likely to result in a risk to rights and freedoms */
+    risksToRightsAndFreedoms: boolean;
+    /** Whether the breach is likely to result in a high risk to rights and freedoms */
+    highRisksToRightsAndFreedoms: boolean;
+    /** Justification for the risk assessment */
+    justification: string;
+}
+
 /**
  * Compliance gap found in a processing record
  */
@@ -1905,6 +2256,14 @@ export declare interface UseAdaptivePolicyWizardReturn {
  */
 export declare function useBreach({ categories, initialReports, adapter, storageKey, useLocalStorage, onReport, onAssessment, onNotification, }: UseBreachOptions): UseBreachReturn;
 
+/**
+ * React hook that memoises the `assessBreachNotification` utility — checks a
+ * breach report's completeness against the NDPA S. 40 / GAID 2025 Article 33
+ * notification requirements (mandated content, the 72-hour window, and any
+ * data-subject communication owed on high risk).
+ */
+export declare function useBreachNotificationAssessment(report: BreachReport_2, options?: BreachNotificationOptions_2): BreachNotificationAssessment_2;
+
 export declare interface UseBreachOptions {
     /**
      * Available breach categories
@@ -1941,7 +2300,7 @@ export declare interface UseBreachOptions {
     /**
      * Callback function called when a notification is sent
      */
-    onNotification?: (notification: RegulatoryNotification) => void;
+    onNotification?: (notification: RegulatoryNotification_2) => void;
 }
 
 export declare interface UseBreachReturn {
@@ -1956,7 +2315,7 @@ export declare interface UseBreachReturn {
     /**
      * All regulatory notifications
      */
-    notifications: RegulatoryNotification[];
+    notifications: RegulatoryNotification_2[];
     /**
      * Submit a new breach report
      */
@@ -1984,11 +2343,11 @@ export declare interface UseBreachReturn {
     /**
      * Send a regulatory notification
      */
-    sendNotification: (breachId: string, notificationData: Omit<RegulatoryNotification, 'id' | 'breachId' | 'sentAt'>) => RegulatoryNotification;
+    sendNotification: (breachId: string, notificationData: Omit<RegulatoryNotification_2, 'id' | 'breachId' | 'sentAt'>) => RegulatoryNotification_2;
     /**
      * Get a regulatory notification for a breach
      */
-    getNotification: (breachId: string) => RegulatoryNotification | null;
+    getNotification: (breachId: string) => RegulatoryNotification_2 | null;
     /**
      * Get breaches that require notification within the next X hours
      */

package/dist/headless.js

@@ -1,2 +1,2 @@
 "use client";
-'use strict';require('./chunk-MR7YZZDU.js');var chunkSDYLKJGC_js=require('./chunk-SDYLKJGC.js'),chunkEHQVTFYO_js=require('./chunk-EHQVTFYO.js'),chunkRC3XFXTJ_js=require('./chunk-RC3XFXTJ.js'),chunkQHW4UKGJ_js=require('./chunk-QHW4UKGJ.js'),chunkIRRUYR6M_js=require('./chunk-IRRUYR6M.js'),chunkHHK5LHEG_js=require('./chunk-HHK5LHEG.js'),chunkTLIHFGIJ_js=require('./chunk-TLIHFGIJ.js');require('./chunk-WKY26JLT.js'),require('./chunk-JS7SYL5P.js'),require('./chunk-7TTXS7JX.js'),require('./chunk-3YTAOT5O.js'),require('./chunk-D2ZKDQVL.js'),require('./chunk-6LJHLE6G.js'),require('./chunk-YFBDJ4FH.js'),require('./chunk-WZYCBW2R.js'),require('./chunk-4CVBQC66.js');var chunkQKXGVT2Q_js=require('./chunk-QKXGVT2Q.js'),chunkL2VO3MEJ_js=require('./chunk-L2VO3MEJ.js');require('./chunk-C2KEXHRX.js'),require('./chunk-DKLJ5DYN.js');var chunkTVA6D6S4_js=require('./chunk-TVA6D6S4.js');require('./chunk-R2ZZMATR.js');var chunkJLQT3W3E_js=require('./chunk-JLQT3W3E.js');require('./chunk-TQZWJGJ2.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"useComplianceAuditReturn",{enumerable:true,get:function(){return chunkSDYLKJGC_js.c}});Object.defineProperty(exports,"useComplianceScore",{enumerable:true,get:function(){return chunkSDYLKJGC_js.a}});Object.defineProperty(exports,"useDCPMI",{enumerable:true,get:function(){return chunkSDYLKJGC_js.b}});Object.defineProperty(exports,"useBreach",{enumerable:true,get:function(){return chunkEHQVTFYO_js.a}});Object.defineProperty(exports,"useDefaultPrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.b}});Object.defineProperty(exports,"usePrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.a}});Object.defineProperty(exports,"useAdaptivePolicyWizard",{enumerable:true,get:function(){return chunkQHW4UKGJ_js.a}});Object.defineProperty(exports,"useLawfulBasis",{enumerable:true,get:function(){return chunkIRRUYR6M_js.a}});Object.defineProperty(exports,"useCrossBorderTransfer",{enumerable:true,get:function(){return chunkHHK5LHEG_js.a}});Object.defineProperty(exports,"useROPA",{enumerable:true,get:function(){return chunkTLIHFGIJ_js.a}});Object.defineProperty(exports,"useConsent",{enumerable:true,get:function(){return chunkQKXGVT2Q_js.a}});Object.defineProperty(exports,"useFocusTrap",{enumerable:true,get:function(){return chunkL2VO3MEJ_js.a}});Object.defineProperty(exports,"useDSR",{enumerable:true,get:function(){return chunkTVA6D6S4_js.a}});Object.defineProperty(exports,"useDPIA",{enumerable:true,get:function(){return chunkJLQT3W3E_js.a}});
+'use strict';require('./chunk-OVW5ASY3.js');var chunkUFTDY43A_js=require('./chunk-UFTDY43A.js'),chunkEHQVTFYO_js=require('./chunk-EHQVTFYO.js'),chunkRC3XFXTJ_js=require('./chunk-RC3XFXTJ.js'),chunkQHW4UKGJ_js=require('./chunk-QHW4UKGJ.js'),chunkIRRUYR6M_js=require('./chunk-IRRUYR6M.js'),chunkHHK5LHEG_js=require('./chunk-HHK5LHEG.js'),chunkTLIHFGIJ_js=require('./chunk-TLIHFGIJ.js');require('./chunk-WKY26JLT.js'),require('./chunk-Y346CURW.js'),require('./chunk-JS7SYL5P.js'),require('./chunk-7TTXS7JX.js'),require('./chunk-3YTAOT5O.js'),require('./chunk-D2ZKDQVL.js'),require('./chunk-6LJHLE6G.js'),require('./chunk-YFBDJ4FH.js'),require('./chunk-WZYCBW2R.js'),require('./chunk-4CVBQC66.js');var chunkQKXGVT2Q_js=require('./chunk-QKXGVT2Q.js'),chunkL2VO3MEJ_js=require('./chunk-L2VO3MEJ.js');require('./chunk-C2KEXHRX.js'),require('./chunk-DKLJ5DYN.js');var chunkTVA6D6S4_js=require('./chunk-TVA6D6S4.js');require('./chunk-R2ZZMATR.js');var chunkJLQT3W3E_js=require('./chunk-JLQT3W3E.js');require('./chunk-TQZWJGJ2.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"useBreachNotificationAssessment",{enumerable:true,get:function(){return chunkUFTDY43A_js.a}});Object.defineProperty(exports,"useComplianceAuditReturn",{enumerable:true,get:function(){return chunkUFTDY43A_js.d}});Object.defineProperty(exports,"useComplianceScore",{enumerable:true,get:function(){return chunkUFTDY43A_js.b}});Object.defineProperty(exports,"useDCPMI",{enumerable:true,get:function(){return chunkUFTDY43A_js.c}});Object.defineProperty(exports,"useBreach",{enumerable:true,get:function(){return chunkEHQVTFYO_js.a}});Object.defineProperty(exports,"useDefaultPrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.b}});Object.defineProperty(exports,"usePrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.a}});Object.defineProperty(exports,"useAdaptivePolicyWizard",{enumerable:true,get:function(){return chunkQHW4UKGJ_js.a}});Object.defineProperty(exports,"useLawfulBasis",{enumerable:true,get:function(){return chunkIRRUYR6M_js.a}});Object.defineProperty(exports,"useCrossBorderTransfer",{enumerable:true,get:function(){return chunkHHK5LHEG_js.a}});Object.defineProperty(exports,"useROPA",{enumerable:true,get:function(){return chunkTLIHFGIJ_js.a}});Object.defineProperty(exports,"useConsent",{enumerable:true,get:function(){return chunkQKXGVT2Q_js.a}});Object.defineProperty(exports,"useFocusTrap",{enumerable:true,get:function(){return chunkL2VO3MEJ_js.a}});Object.defineProperty(exports,"useDSR",{enumerable:true,get:function(){return chunkTVA6D6S4_js.a}});Object.defineProperty(exports,"useDPIA",{enumerable:true,get:function(){return chunkJLQT3W3E_js.a}});

package/dist/headless.mjs

@@ -1,2 +1,2 @@
 "use client";
-import'./chunk-65TYKXUI.mjs';export{c as useComplianceAuditReturn,a as useComplianceScore,b as useDCPMI}from'./chunk-TQCKLZ4F.mjs';export{a as useBreach}from'./chunk-RFXGD5NE.mjs';export{b as useDefaultPrivacyPolicy,a as usePrivacyPolicy}from'./chunk-UVXS7KRV.mjs';export{a as useAdaptivePolicyWizard}from'./chunk-KE2FZH2V.mjs';export{a as useLawfulBasis}from'./chunk-B6BRD5SL.mjs';export{a as useCrossBorderTransfer}from'./chunk-KDAZQO3N.mjs';export{a as useROPA}from'./chunk-FRMVSG4N.mjs';import'./chunk-SZXHNJGG.mjs';import'./chunk-IVSNHT24.mjs';import'./chunk-6A7M4CGJ.mjs';import'./chunk-WTGKZX7J.mjs';import'./chunk-NBQQ2GN3.mjs';import'./chunk-BIJSMSUU.mjs';import'./chunk-7BJXI2HI.mjs';import'./chunk-LWIKDDSU.mjs';import'./chunk-XP5PL6K7.mjs';export{a as useConsent}from'./chunk-PQ5IPUJN.mjs';export{a as useFocusTrap}from'./chunk-YTU4FNM2.mjs';import'./chunk-XC3DLYEG.mjs';import'./chunk-R3ZKV2J7.mjs';export{a as useDSR}from'./chunk-ZSRO4L3C.mjs';import'./chunk-RRVML7CU.mjs';export{a as useDPIA}from'./chunk-I3V3ITN7.mjs';import'./chunk-LRRENTT5.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';
+import'./chunk-YQTZWPOS.mjs';export{a as useBreachNotificationAssessment,d as useComplianceAuditReturn,b as useComplianceScore,c as useDCPMI}from'./chunk-SDV2C5OT.mjs';export{a as useBreach}from'./chunk-RFXGD5NE.mjs';export{b as useDefaultPrivacyPolicy,a as usePrivacyPolicy}from'./chunk-UVXS7KRV.mjs';export{a as useAdaptivePolicyWizard}from'./chunk-KE2FZH2V.mjs';export{a as useLawfulBasis}from'./chunk-B6BRD5SL.mjs';export{a as useCrossBorderTransfer}from'./chunk-KDAZQO3N.mjs';export{a as useROPA}from'./chunk-FRMVSG4N.mjs';import'./chunk-SZXHNJGG.mjs';import'./chunk-WJSUVPYX.mjs';import'./chunk-IVSNHT24.mjs';import'./chunk-6A7M4CGJ.mjs';import'./chunk-WTGKZX7J.mjs';import'./chunk-NBQQ2GN3.mjs';import'./chunk-BIJSMSUU.mjs';import'./chunk-7BJXI2HI.mjs';import'./chunk-LWIKDDSU.mjs';import'./chunk-XP5PL6K7.mjs';export{a as useConsent}from'./chunk-PQ5IPUJN.mjs';export{a as useFocusTrap}from'./chunk-YTU4FNM2.mjs';import'./chunk-XC3DLYEG.mjs';import'./chunk-R3ZKV2J7.mjs';export{a as useDSR}from'./chunk-ZSRO4L3C.mjs';import'./chunk-RRVML7CU.mjs';export{a as useDPIA}from'./chunk-I3V3ITN7.mjs';import'./chunk-LRRENTT5.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';

package/dist/hooks.d.mts

@@ -30,6 +30,93 @@ declare type BreachCompositeState = {
     notifications: RegulatoryNotification[];
 };
 
+export declare interface BreachNotificationAssessment {
+    /** Whether all applicable mandated content items are satisfied. */
+    complete: boolean;
+    /** Completeness of applicable content items, 0–100. */
+    completeness: number;
+    /** GAID 2025 Article 33(5) / NDPA S. 40(2) content of the notification to the Commission. */
+    notificationToCommission: BreachNotificationItem[];
+    /** NDPA S. 40(3) communication to data subjects — populated only when high-risk. */
+    dataSubjectCommunication: BreachNotificationItem[];
+    /** Whether a data-subject communication is owed (high risk). */
+    dataSubjectCommunicationRequired: boolean;
+    timing: BreachNotificationTiming;
+    /** Labels of unsatisfied applicable items. */
+    missing: string[];
+    /** Actionable next steps, including timing warnings. */
+    recommendations: string[];
+    asOf: number;
+}
+
+export declare interface BreachNotificationItem {
+    /** Stable identifier for the requirement. */
+    id: string;
+    /** Human-readable requirement. */
+    label: string;
+    /** Authoritative citation, e.g. `GAID 2025 Art. 33(5)(a)`. */
+    section: string;
+    /** Whether the report satisfies it. */
+    satisfied: boolean;
+}
+
+/**
+ * Personal-data-breach notification completeness checker for NDPA 2023
+ * Section 40, as detailed by NDPC General Application and Implementation
+ * Directive (GAID) 2025 Article 33.
+ *
+ * Section 40(2) requires a data controller to notify the Commission within 72
+ * hours of becoming aware of a breach likely to result in a risk to data
+ * subjects' rights and freedoms. GAID 2025 Article 33(5)(a)–(h) enumerates the
+ * content that a notification to the Commission "shall include". Where the
+ * breach is likely to result in a *high* risk, Section 40(3) additionally
+ * requires the controller to communicate the breach to affected data subjects
+ * in plain and clear language.
+ *
+ * This assesses a `BreachReport` against those requirements: which mandated
+ * content items are present, whether the 72-hour window is met, and whether a
+ * data-subject communication is owed. It is a documentation-completeness aid,
+ * not legal advice — verify against current NDPC guidance.
+ *
+ * @see NDPA 2023 Section 40 (Personal data breaches)
+ * @see NDPC GAID 2025 Article 33 (Data Breach Notification)
+ */
+
+export declare interface BreachNotificationOptions {
+    /** Risk assessment for the breach; drives whether data-subject communication is required. */
+    assessment?: RiskAssessment;
+    /** The regulatory notification actually sent, if any — used to judge timeliness. */
+    notification?: RegulatoryNotification;
+    /** Reference "now" in epoch ms. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Notification window in hours. Defaults to 72 (NDPA S. 40(2)). */
+    deadlineHours?: number;
+    /**
+     * Explicit high-risk flag (NDPA S. 40(3)). When omitted, derived from
+     * `assessment.highRisksToRightsAndFreedoms`.
+     */
+    highRisk?: boolean;
+}
+
+export declare interface BreachNotificationTiming {
+    /** `discoveredAt` + the notification window. */
+    deadline: number;
+    /** Whole hours between discovery and `asOf`. */
+    hoursSinceDiscovery: number;
+    /** Whether a regulatory notification has been recorded. */
+    notified: boolean;
+    /** When the regulatory notification was sent, if any. */
+    notifiedAt?: number;
+    /** Whether the notification (or, if none, `asOf`) falls within the deadline. */
+    withinDeadline: boolean;
+    /** Whole hours from `asOf` to the deadline (negative once past). */
+    hoursRemaining: number;
+    /** Whether the deadline has been missed. */
+    overdue: boolean;
+    /** Late filings must state the reasons for the delay (NDPA S. 40(2)). */
+    requiresDelayJustification: boolean;
+}
+
 /**
  * Represents a data breach report
  */
@@ -1651,6 +1738,14 @@ export declare interface UseAdaptivePolicyWizardReturn {
  */
 export declare function useBreach({ categories, initialReports, adapter, storageKey, useLocalStorage, onReport, onAssessment, onNotification, }: UseBreachOptions): UseBreachReturn;
 
+/**
+ * React hook that memoises the `assessBreachNotification` utility — checks a
+ * breach report's completeness against the NDPA S. 40 / GAID 2025 Article 33
+ * notification requirements (mandated content, the 72-hour window, and any
+ * data-subject communication owed on high risk).
+ */
+export declare function useBreachNotificationAssessment(report: BreachReport, options?: BreachNotificationOptions): BreachNotificationAssessment;
+
 export declare interface UseBreachOptions {
     /**
      * Available breach categories

package/dist/hooks.d.ts

@@ -30,6 +30,93 @@ declare type BreachCompositeState = {
     notifications: RegulatoryNotification[];
 };
 
+export declare interface BreachNotificationAssessment {
+    /** Whether all applicable mandated content items are satisfied. */
+    complete: boolean;
+    /** Completeness of applicable content items, 0–100. */
+    completeness: number;
+    /** GAID 2025 Article 33(5) / NDPA S. 40(2) content of the notification to the Commission. */
+    notificationToCommission: BreachNotificationItem[];
+    /** NDPA S. 40(3) communication to data subjects — populated only when high-risk. */
+    dataSubjectCommunication: BreachNotificationItem[];
+    /** Whether a data-subject communication is owed (high risk). */
+    dataSubjectCommunicationRequired: boolean;
+    timing: BreachNotificationTiming;
+    /** Labels of unsatisfied applicable items. */
+    missing: string[];
+    /** Actionable next steps, including timing warnings. */
+    recommendations: string[];
+    asOf: number;
+}
+
+export declare interface BreachNotificationItem {
+    /** Stable identifier for the requirement. */
+    id: string;
+    /** Human-readable requirement. */
+    label: string;
+    /** Authoritative citation, e.g. `GAID 2025 Art. 33(5)(a)`. */
+    section: string;
+    /** Whether the report satisfies it. */
+    satisfied: boolean;
+}
+
+/**
+ * Personal-data-breach notification completeness checker for NDPA 2023
+ * Section 40, as detailed by NDPC General Application and Implementation
+ * Directive (GAID) 2025 Article 33.
+ *
+ * Section 40(2) requires a data controller to notify the Commission within 72
+ * hours of becoming aware of a breach likely to result in a risk to data
+ * subjects' rights and freedoms. GAID 2025 Article 33(5)(a)–(h) enumerates the
+ * content that a notification to the Commission "shall include". Where the
+ * breach is likely to result in a *high* risk, Section 40(3) additionally
+ * requires the controller to communicate the breach to affected data subjects
+ * in plain and clear language.
+ *
+ * This assesses a `BreachReport` against those requirements: which mandated
+ * content items are present, whether the 72-hour window is met, and whether a
+ * data-subject communication is owed. It is a documentation-completeness aid,
+ * not legal advice — verify against current NDPC guidance.
+ *
+ * @see NDPA 2023 Section 40 (Personal data breaches)
+ * @see NDPC GAID 2025 Article 33 (Data Breach Notification)
+ */
+
+export declare interface BreachNotificationOptions {
+    /** Risk assessment for the breach; drives whether data-subject communication is required. */
+    assessment?: RiskAssessment;
+    /** The regulatory notification actually sent, if any — used to judge timeliness. */
+    notification?: RegulatoryNotification;
+    /** Reference "now" in epoch ms. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Notification window in hours. Defaults to 72 (NDPA S. 40(2)). */
+    deadlineHours?: number;
+    /**
+     * Explicit high-risk flag (NDPA S. 40(3)). When omitted, derived from
+     * `assessment.highRisksToRightsAndFreedoms`.
+     */
+    highRisk?: boolean;
+}
+
+export declare interface BreachNotificationTiming {
+    /** `discoveredAt` + the notification window. */
+    deadline: number;
+    /** Whole hours between discovery and `asOf`. */
+    hoursSinceDiscovery: number;
+    /** Whether a regulatory notification has been recorded. */
+    notified: boolean;
+    /** When the regulatory notification was sent, if any. */
+    notifiedAt?: number;
+    /** Whether the notification (or, if none, `asOf`) falls within the deadline. */
+    withinDeadline: boolean;
+    /** Whole hours from `asOf` to the deadline (negative once past). */
+    hoursRemaining: number;
+    /** Whether the deadline has been missed. */
+    overdue: boolean;
+    /** Late filings must state the reasons for the delay (NDPA S. 40(2)). */
+    requiresDelayJustification: boolean;
+}
+
 /**
  * Represents a data breach report
  */
@@ -1651,6 +1738,14 @@ export declare interface UseAdaptivePolicyWizardReturn {
  */
 export declare function useBreach({ categories, initialReports, adapter, storageKey, useLocalStorage, onReport, onAssessment, onNotification, }: UseBreachOptions): UseBreachReturn;
 
+/**
+ * React hook that memoises the `assessBreachNotification` utility — checks a
+ * breach report's completeness against the NDPA S. 40 / GAID 2025 Article 33
+ * notification requirements (mandated content, the 72-hour window, and any
+ * data-subject communication owed on high risk).
+ */
+export declare function useBreachNotificationAssessment(report: BreachReport, options?: BreachNotificationOptions): BreachNotificationAssessment;
+
 export declare interface UseBreachOptions {
     /**
      * Available breach categories