@tantainnovative/ndpr-toolkit
Version:
Nigeria Data Protection Toolkit — enterprise-grade compliance components for the Nigeria Data Protection Act (NDPA) 2023
3 lines • 6.46 kB
JavaScript
'use strict';var l=["consent","contract","legal_obligation","vital_interests","public_interest","legitimate_interests"];function h(e){let s=[];return (!e.id||e.id.trim()==="")&&s.push("Record ID is required."),(!e.name||e.name.trim()==="")&&s.push("Processing activity name is required."),(!e.description||e.description.trim()==="")&&s.push("Processing description is required."),e.controllerDetails?((!e.controllerDetails.name||e.controllerDetails.name.trim()==="")&&s.push("Controller name is required."),(!e.controllerDetails.contact||e.controllerDetails.contact.trim()==="")&&s.push("Controller contact is required."),(!e.controllerDetails.address||e.controllerDetails.address.trim()==="")&&s.push("Controller address is required.")):s.push("Controller details are required."),(!e.lawfulBasis||!l.includes(e.lawfulBasis))&&s.push("A valid lawful basis must be specified (NDPA Section 25)."),(!e.lawfulBasisJustification||e.lawfulBasisJustification.trim()==="")&&s.push("Lawful basis justification is required to demonstrate compliance."),(!e.purposes||e.purposes.length===0)&&s.push("At least one processing purpose must be specified."),(!e.dataCategories||e.dataCategories.length===0)&&s.push("At least one data category must be specified."),(!e.dataSubjectCategories||e.dataSubjectCategories.length===0)&&s.push("At least one data subject category must be specified."),(!e.recipients||e.recipients.length===0)&&s.push("At least one recipient or category of recipients must be specified."),(!e.retentionPeriod||e.retentionPeriod.trim()==="")&&s.push("Retention period must be specified."),(!e.securityMeasures||e.securityMeasures.length===0)&&s.push("At least one security measure must be documented."),e.dataSource||s.push("Data source must be specified."),e.dataSource==="third_party"&&(!e.thirdPartySourceDetails||e.thirdPartySourceDetails.trim()==="")&&s.push('Third-party source details are required when data source is "third_party".'),e.automatedDecisionMaking&&(!e.automatedDecisionMakingDetails||e.automatedDecisionMakingDetails.trim()==="")&&s.push("Automated decision-making details are required when automated decision-making is involved."),e.dpiaRequired&&(!e.dpiaReference||e.dpiaReference.trim()==="")&&s.push("DPIA reference is required when DPIA is marked as required."),{valid:s.length===0,errors:s}}function D(e){let s=l.reduce((a,u)=>(a[u]=0,a),{}),o=0,t=0,i=0,n=0,r=0,p=[],d={},m=Date.now();for(let a of e.records)a.lawfulBasis&&l.includes(a.lawfulBasis)&&s[a.lawfulBasis]++,a.status==="active"&&o++,a.sensitiveDataCategories&&a.sensitiveDataCategories.length>0&&t++,a.crossBorderTransfers&&a.crossBorderTransfers.length>0&&i++,a.dpiaRequired&&n++,a.automatedDecisionMaking&&r++,a.nextReviewDate&&a.nextReviewDate<=m&&p.push(a),a.department&&(d[a.department]=(d[a.department]||0)+1);let g=Object.entries(d).map(([a,u])=>({department:a,count:u})).sort((a,u)=>u.count-a.count).slice(0,10);return {totalRecords:e.records.length,activeRecords:o,byLawfulBasis:s,sensitiveDataRecords:t,crossBorderRecords:i,dpiaRequiredRecords:n,automatedDecisionRecords:r,recordsDueForReview:p,topDepartments:g,lastUpdated:e.lastUpdated}}function f(e){return /^[=+\-@\t\r]/.test(e)&&(e="'"+e),e.includes(",")||e.includes('"')||e.includes(`
`)||e.includes("\r")?`"${e.replace(/"/g,'""')}"`:e}function c(e){return e?new Date(e).toISOString():""}function R(e){let s=["ID","Name","Description","Controller Name","Controller Contact","Lawful Basis","Lawful Basis Justification","Purposes","Data Categories","Sensitive Data Categories","Data Subject Categories","Recipients","Cross-Border Transfers","Retention Period","Security Measures","Data Source","DPIA Required","DPIA Reference","Automated Decision-Making","Status","Department","Systems Used","Created At","Updated At","Last Reviewed At","Next Review Date"],o=e.records.map(i=>{let n=i.crossBorderTransfers?i.crossBorderTransfers.map(r=>`${r.destinationCountry} (${r.transferMechanism}: ${r.safeguards})`).join("; "):"";return [i.id,i.name,i.description,i.controllerDetails.name,i.controllerDetails.contact,i.lawfulBasis,i.lawfulBasisJustification,i.purposes.join("; "),i.dataCategories.join("; "),(i.sensitiveDataCategories||[]).join("; "),i.dataSubjectCategories.join("; "),i.recipients.join("; "),n,i.retentionPeriod,i.securityMeasures.join("; "),i.dataSource,i.dpiaRequired?"Yes":"No",i.dpiaReference||"",i.automatedDecisionMaking?"Yes":"No",i.status,i.department||"",(i.systemsUsed||[]).join("; "),c(i.createdAt),c(i.updatedAt),c(i.lastReviewedAt),c(i.nextReviewDate)].map(r=>f(String(r)))});return [s.map(i=>f(i)).join(","),...o.map(i=>i.join(","))].join(`
`)}function w(e){let s=[],o=Date.now();for(let t of e.records){let i=[];if((!t.lawfulBasisJustification||t.lawfulBasisJustification.trim()==="")&&i.push("Missing lawful basis justification (NDPA Section 25 requires documented justification)."),(!t.retentionPeriod||t.retentionPeriod.trim()==="")&&i.push("Missing retention period (data must not be kept longer than necessary)."),(!t.securityMeasures||t.securityMeasures.length===0)&&i.push("No security measures documented (NDPA requires appropriate technical and organizational measures)."),t.nextReviewDate&&t.nextReviewDate<=o){let n=Math.ceil((o-t.nextReviewDate)/864e5);i.push(`Review is overdue by ${n} day${n!==1?"s":""}.`);}if(t.dpiaRequired&&(!t.dpiaReference||t.dpiaReference.trim()==="")&&i.push("DPIA is required but no reference to a completed DPIA was provided."),t.automatedDecisionMaking&&(!t.automatedDecisionMakingDetails||t.automatedDecisionMakingDetails.trim()==="")&&i.push("Automated decision-making is flagged but no details are documented."),t.crossBorderTransfers)for(let n of t.crossBorderTransfers)(!n.safeguards||n.safeguards.trim()==="")&&i.push(`Cross-border transfer to ${n.destinationCountry} is missing safeguard documentation.`),(!n.transferMechanism||n.transferMechanism.trim()==="")&&i.push(`Cross-border transfer to ${n.destinationCountry} is missing transfer mechanism.`);t.dataSource==="third_party"&&(!t.thirdPartySourceDetails||t.thirdPartySourceDetails.trim()==="")&&i.push('Data source is "third_party" but no source details are provided.'),(!t.purposes||t.purposes.length===0)&&i.push("No processing purposes specified."),(!t.recipients||t.recipients.length===0)&&i.push("No recipients or categories of recipients specified."),i.length>0&&s.push({recordId:t.id,recordName:t.name,gaps:i});}return s}exports.a=h;exports.b=D;exports.c=R;exports.d=w;