@tantainnovative/ndpr-toolkit/dist/chunk-WZYCBW2R.js

Nigeria Data Protection Toolkit — enterprise-grade compliance components for the Nigeria Data Protection Act (NDPA) 2023

'use strict';function o(i){let t=[],e=[];return i.id||t.push("Activity ID is required."),(!i.name||i.name.trim()==="")&&t.push("Activity name is required."),(!i.description||i.description.trim()==="")&&t.push("Activity description is required."),i.lawfulBasis||t.push("Lawful basis is required per NDPA Section 25."),(!i.lawfulBasisJustification||i.lawfulBasisJustification.trim()==="")&&t.push("Justification for the lawful basis is required."),(!i.dataCategories||i.dataCategories.length===0)&&t.push("At least one data category must be specified."),(!i.dataSubjectCategories||i.dataSubjectCategories.length===0)&&t.push("At least one data subject category must be specified."),(!i.purposes||i.purposes.length===0)&&t.push("At least one processing purpose must be specified."),(!i.retentionPeriod||i.retentionPeriod.trim()==="")&&t.push("Data retention period is required."),i.lawfulBasis==="legitimate_interests"&&(!i.lawfulBasisJustification||i.lawfulBasisJustification.trim().length<20)&&t.push("Legitimate interests requires a detailed Legitimate Interest Assessment (LIA) justification (NDPA Section 25(1)(f))."),i.involvesSensitiveData&&!i.sensitiveDataCondition&&t.push("Processing sensitive personal data requires specifying a condition under NDPA Section 30."),i.dpoApproval?i.dpoApproval.approved||e.push("Activity has a DPO review but has not been approved."):e.push("Activity has not been approved by the DPO."),i.reviewDate?i.reviewDate<Date.now()&&e.push("Activity is overdue for review."):e.push("No review date has been set. Regular reviews are recommended."),i.retentionJustification||e.push("Consider documenting the justification for the retention period."),i.crossBorderTransfer&&(!i.recipients||i.recipients.length===0)&&e.push("Cross-border transfer is indicated but no recipients are listed. Document the recipients or categories of recipients."),{isValid:t.length===0,errors:t,warnings:e}}function c(i){return {consent:"Consent (NDPA Section 25(1)(a)) - The data subject has given consent to the processing of their personal data for one or more specific purposes.",contract:"Contract (NDPA Section 25(1)(b)) - Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.",legal_obligation:"Legal Obligation (NDPA Section 25(1)(c)) - Processing is necessary for compliance with a legal obligation to which the data controller is subject.",vital_interests:"Vital Interests (NDPA Section 25(1)(d)) - Processing is necessary to protect the vital interests of the data subject or another natural person.",public_interest:"Public Interest (NDPA Section 25(1)(e)) - Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.",legitimate_interests:"Legitimate Interests (NDPA Section 25(1)(f)) - Processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject."}[i]}function p(i){let t=[];for(let e of i)e.status!=="archived"&&((!e.dpoApproval||!e.dpoApproval.approved)&&t.push({activityId:e.id,activityName:e.name,type:"missing_approval",severity:"high",description:`Processing activity "${e.name}" has not been approved by the DPO.`}),e.reviewDate&&e.reviewDate<Date.now()&&t.push({activityId:e.id,activityName:e.name,type:"overdue_review",severity:"medium",description:`Processing activity "${e.name}" was due for review on ${new Date(e.reviewDate).toLocaleDateString()}.`}),(!e.lawfulBasisJustification||e.lawfulBasisJustification.trim()==="")&&t.push({activityId:e.id,activityName:e.name,type:"missing_justification",severity:"high",description:`Processing activity "${e.name}" is missing the lawful basis justification.`}),e.lawfulBasis==="legitimate_interests"&&(!e.lawfulBasisJustification||e.lawfulBasisJustification.trim().length<20)&&t.push({activityId:e.id,activityName:e.name,type:"missing_lia",severity:"high",description:`Processing activity "${e.name}" relies on legitimate interests but lacks a detailed Legitimate Interest Assessment (NDPA Section 25(1)(f)).`}),e.involvesSensitiveData&&!e.sensitiveDataCondition&&t.push({activityId:e.id,activityName:e.name,type:"missing_sensitive_condition",severity:"high",description:`Processing activity "${e.name}" involves sensitive data but no condition under NDPA Section 30 has been specified.`}),(!e.retentionPeriod||e.retentionPeriod.trim()==="")&&t.push({activityId:e.id,activityName:e.name,type:"missing_retention",severity:"medium",description:`Processing activity "${e.name}" is missing a documented retention period.`}),(!e.dataCategories||e.dataCategories.length===0)&&t.push({activityId:e.id,activityName:e.name,type:"missing_data_categories",severity:"medium",description:`Processing activity "${e.name}" has no documented data categories.`}),(!e.purposes||e.purposes.length===0)&&t.push({activityId:e.id,activityName:e.name,type:"missing_purposes",severity:"medium",description:`Processing activity "${e.name}" has no documented processing purposes.`}));return t}function u(i){let t={consent:0,contract:0,legal_obligation:0,vital_interests:0,public_interest:0,legitimate_interests:0},e=0,a=0,n=[],r=[];for(let s of i)s.status!=="archived"&&(s.lawfulBasis in t&&t[s.lawfulBasis]++,s.involvesSensitiveData&&e++,s.crossBorderTransfer&&a++,s.reviewDate&&s.reviewDate<Date.now()&&n.push(s),(!s.dpoApproval||!s.dpoApproval.approved)&&r.push(s));return {totalActivities:i.filter(s=>s.status!=="archived").length,byBasis:t,sensitiveDataActivities:e,crossBorderActivities:a,activitiesDueForReview:n,activitiesWithoutApproval:r,lastUpdated:Date.now()}}exports.a=o;exports.b=c;exports.c=p;exports.d=u;