UNPKG

@tantainnovative/ndpr-toolkit

Version:

Nigeria Data Protection Toolkit — enterprise-grade compliance components for the Nigeria Data Protection Act (NDPA) 2023

github.com/mr-tanta/ndpr-toolkit

mr-tanta/ndpr-toolkit

222 lines (209 loc) 7.35 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
import React__default from 'react'; /** * Generates a summary of the Record of Processing Activities. * Provides statistics and identifies records that are due for review. * * @param ropa - The full Record of Processing Activities * @returns Summary statistics for the ROPA */ export declare function generateROPASummary(ropa: RecordOfProcessingActivities): ROPASummary; /** * Identifies compliance gaps in the Record of Processing Activities. * Finds records that are missing required information per NDPA 2023. * * @param ropa - The full Record of Processing Activities * @returns Array of compliance gaps grouped by record */ export declare function identifyComplianceGaps(ropa: RecordOfProcessingActivities): ROPAComplianceGap[]; /** * Lawful Basis types aligned with NDPA 2023 Part III (Sections 24-28) * Every processing activity must have a documented lawful basis */ /** * The six lawful bases for processing personal data per NDPA Section 25(1) */ declare type LawfulBasis = 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_interest' | 'legitimate_interests'; /** * Record of Processing Activities (ROPA) types aligned with NDPA 2023 * Data controllers must maintain comprehensive records of all processing activities */ /** * Represents a single processing record in the ROPA */ export declare interface ProcessingRecord { /** Unique identifier */ id: string; /** Name of the processing activity */ name: string; /** Detailed description of the processing */ description: string; /** Data controller details */ controllerDetails: { name: string; contact: string; address: string; registrationNumber?: string; dpoContact?: string; }; /** Joint controller details (if applicable) */ jointControllerDetails?: { name: string; contact: string; address: string; responsibilities: string; }; /** Data processor details (if processing is outsourced) */ processorDetails?: { name: string; contact: string; address: string; contractReference?: string; }; /** Lawful basis for the processing */ lawfulBasis: LawfulBasis; /** Justification for the chosen lawful basis */ lawfulBasisJustification: string; /** Purposes of the processing */ purposes: string[]; /** Categories of personal data processed */ dataCategories: string[]; /** Categories of sensitive personal data (if any) */ sensitiveDataCategories?: string[]; /** Categories of data subjects */ dataSubjectCategories: string[]; /** Recipients or categories of recipients */ recipients: string[]; /** Cross-border transfer details */ crossBorderTransfers?: Array<{ destinationCountry: string; countryCode?: string; safeguards: string; transferMechanism: string; }>; /** Data retention period */ retentionPeriod: string; /** Justification for the retention period */ retentionJustification?: string; /** Technical and organizational security measures */ securityMeasures: string[]; /** Data source (directly from data subject or from third party) */ dataSource: 'data_subject' | 'third_party' | 'public_source' | 'other'; /** Third-party source details (if dataSource is 'third_party') */ thirdPartySourceDetails?: string; /** Whether a DPIA is required for this processing */ dpiaRequired: boolean; /** Reference to the DPIA (if conducted) */ dpiaReference?: string; /** Whether automated decision-making is involved */ automatedDecisionMaking: boolean; /** Details of automated decision-making (if applicable) */ automatedDecisionMakingDetails?: string; /** Status of the processing record */ status: 'active' | 'inactive' | 'archived'; /** Department or business unit responsible */ department?: string; /** System or application used for processing */ systemsUsed?: string[]; /** Timestamp when the record was created */ createdAt: number; /** Timestamp when the record was last updated */ updatedAt: number; /** Timestamp when the record was last reviewed */ lastReviewedAt?: number; /** Next review date */ nextReviewDate?: number; } /** * Represents a complete Record of Processing Activities */ export declare interface RecordOfProcessingActivities { /** Unique identifier */ id: string; /** Organization name */ organizationName: string; /** Organization contact information */ organizationContact: string; /** Organization address */ organizationAddress: string; /** Data Protection Officer details */ dpoDetails?: { name: string; email: string; phone?: string; }; /** NDPC registration number */ ndpcRegistrationNumber?: string; /** All processing records */ records: ProcessingRecord[]; /** Timestamp when the ROPA was last updated */ lastUpdated: number; /** Version of the ROPA */ version: string; /** Export format options */ exportFormats?: ('pdf' | 'csv' | 'json' | 'xlsx')[]; } /** * Compliance gap found in a processing record */ export declare interface ROPAComplianceGap { recordId: string; recordName: string; gaps: string[]; } export declare const ROPAManagerLite: React__default.FC<ROPAManagerLiteProps>; export declare interface ROPAManagerLiteClassNames { root?: string; header?: string; title?: string; summary?: string; summaryCard?: string; table?: string; tableHeader?: string; tableRow?: string; statusBadge?: string; complianceScore?: string; gapAlert?: string; } export declare interface ROPAManagerLiteProps { /** * Full Record of Processing Activities — matches the full `ROPAManager` API. */ ropa: RecordOfProcessingActivities; title?: string; description?: string; className?: string; classNames?: ROPAManagerLiteClassNames; unstyled?: boolean; showSummary?: boolean; showComplianceGaps?: boolean; onRecordClick?: (record: ProcessingRecord) => void; } /** * Summary statistics for the ROPA */ export declare interface ROPASummary { /** Total number of processing records */ totalRecords: number; /** Active processing records */ activeRecords: number; /** Records by lawful basis */ byLawfulBasis: Record<LawfulBasis, number>; /** Records involving sensitive data */ sensitiveDataRecords: number; /** Records involving cross-border transfers */ crossBorderRecords: number; /** Records requiring DPIA */ dpiaRequiredRecords: number; /** Records involving automated decision-making */ automatedDecisionRecords: number; /** Records due for review */ recordsDueForReview: ProcessingRecord[]; /** Departments with most processing activities */ topDepartments: Array<{ department: string; count: number; }>; /** Last updated timestamp */ lastUpdated: number; } export { }