refactor(admin): split lib document generators and data catalogs into domain barrels

obligations-document, tom-document, loeschfristen-document, compliance-scope-triggers,
sdk-flow/flow-data, processing-activities, loeschfristen-baseline-catalog,
catalog-registry, dsfa mitigation-library + risk-catalog, vvt-baseline-catalog,
vendor contract-review checklists + findings, demo-data, tom-compliance.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sharang Parnerkar
2026-04-18 00:07:03 +02:00
parent b00fe6cb73
commit 91063f09b8
65 changed files with 9514 additions and 9544 deletions


@@ -1,813 +1,12 @@
/**
* Standard Processing Activities Catalog
* Standard Processing Activities Catalog — Barrel
*
* 28 predefined processing activities templates following Art. 30 DSGVO
* Split into domain modules; re-exported here for backward compatibility.
*/
import {
ProcessingActivityFormData,
DataSubjectCategory,
PersonalDataCategory,
LegalBasisType,
ProtectionLevel,
LocalizedText,
} from '../types'
export interface ProcessingActivityTemplate {
id: string
category: ProcessingActivityCategory
name: LocalizedText
description: LocalizedText
purposes: LocalizedText[]
dataSubjectCategories: DataSubjectCategory[]
personalDataCategories: PersonalDataCategory[]
suggestedLegalBasis: LegalBasisType[]
suggestedRetentionYears: number
suggestedProtectionLevel: ProtectionLevel
dpiaLikely: boolean
commonSystems: string[]
commonVendorCategories: string[]
}
export type ProcessingActivityCategory =
| 'HR' // Human Resources
| 'SALES' // Vertrieb
| 'MARKETING' // Marketing
| 'FINANCE' // Finanzen
| 'IT' // IT & Sicherheit
| 'CUSTOMER_SERVICE' // Kundenservice
| 'WEBSITE' // Website & Apps
| 'GENERAL' // Allgemein
export const PROCESSING_ACTIVITY_CATEGORY_META: Record<ProcessingActivityCategory, LocalizedText> = {
HR: { de: 'Personal', en: 'Human Resources' },
SALES: { de: 'Vertrieb', en: 'Sales' },
MARKETING: { de: 'Marketing', en: 'Marketing' },
FINANCE: { de: 'Finanzen', en: 'Finance' },
IT: { de: 'IT & Sicherheit', en: 'IT & Security' },
CUSTOMER_SERVICE: { de: 'Kundenservice', en: 'Customer Service' },
WEBSITE: { de: 'Website & Apps', en: 'Website & Apps' },
GENERAL: { de: 'Allgemein', en: 'General' },
}
export const PROCESSING_ACTIVITY_TEMPLATES: ProcessingActivityTemplate[] = [
// ==========================================
// HR - Human Resources
// ==========================================
{
id: 'tpl-hr-recruitment',
category: 'HR',
name: {
de: 'Bewerbermanagement',
en: 'Recruitment Management',
},
description: {
de: 'Verarbeitung von Bewerberdaten im Rahmen des Recruiting-Prozesses',
en: 'Processing of applicant data as part of the recruitment process',
},
purposes: [
{ de: 'Durchführung des Bewerbungsverfahrens', en: 'Conducting the application process' },
{ de: 'Prüfung der Eignung', en: 'Assessing suitability' },
{ de: 'Aufbau eines Talentpools (bei Einwilligung)', en: 'Building a talent pool (with consent)' },
],
dataSubjectCategories: ['APPLICANTS'],
personalDataCategories: [
'NAME', 'CONTACT', 'ADDRESS', 'DOB', 'EDUCATION_DATA',
'EMPLOYMENT_DATA', 'PHOTO_VIDEO',
],
suggestedLegalBasis: ['CONTRACT', 'CONSENT'],
suggestedRetentionYears: 0.5, // 6 Monate nach Absage
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['E-Recruiting', 'Personio', 'Workday'],
commonVendorCategories: ['HR_SOFTWARE', 'CLOUD_INFRASTRUCTURE'],
},
{
id: 'tpl-hr-personnel',
category: 'HR',
name: {
de: 'Personalverwaltung',
en: 'Personnel Administration',
},
description: {
de: 'Führung der Personalakte und Verwaltung des Beschäftigungsverhältnisses',
en: 'Maintaining personnel files and managing employment relationships',
},
purposes: [
{ de: 'Führung der Personalakte', en: 'Maintaining personnel files' },
{ de: 'Durchführung des Arbeitsverhältnisses', en: 'Executing the employment relationship' },
{ de: 'Erfüllung gesetzlicher Pflichten', en: 'Fulfilling legal obligations' },
],
dataSubjectCategories: ['EMPLOYEES'],
personalDataCategories: [
'NAME', 'CONTACT', 'ADDRESS', 'DOB', 'ID_NUMBER',
'SOCIAL_SECURITY', 'TAX_ID', 'BANK_ACCOUNT', 'EMPLOYMENT_DATA',
'SALARY_DATA', 'EDUCATION_DATA', 'PHOTO_VIDEO',
],
suggestedLegalBasis: ['CONTRACT', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 10, // Nach Beendigung
suggestedProtectionLevel: 'HIGH',
dpiaLikely: false,
commonSystems: ['SAP HCM', 'Personio', 'DATEV'],
commonVendorCategories: ['HR_SOFTWARE', 'ERP'],
},
{
id: 'tpl-hr-payroll',
category: 'HR',
name: {
de: 'Lohn- und Gehaltsabrechnung',
en: 'Payroll Processing',
},
description: {
de: 'Berechnung und Auszahlung von Gehältern, Abführung von Steuern und Sozialabgaben',
en: 'Calculation and payment of salaries, tax and social security contributions',
},
purposes: [
{ de: 'Gehaltsberechnung und -auszahlung', en: 'Salary calculation and payment' },
{ de: 'Abführung von Lohnsteuer und Sozialabgaben', en: 'Payment of payroll taxes and social contributions' },
{ de: 'Erstellung von Lohnabrechnungen', en: 'Creating payslips' },
],
dataSubjectCategories: ['EMPLOYEES'],
personalDataCategories: [
'NAME', 'ADDRESS', 'DOB', 'SOCIAL_SECURITY', 'TAX_ID',
'BANK_ACCOUNT', 'SALARY_DATA', 'EMPLOYMENT_DATA',
],
suggestedLegalBasis: ['CONTRACT', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 10, // Handels- und Steuerrecht
suggestedProtectionLevel: 'HIGH',
dpiaLikely: false,
commonSystems: ['DATEV', 'SAP', 'Lexware'],
commonVendorCategories: ['ACCOUNTING', 'HR_SOFTWARE'],
},
{
id: 'tpl-hr-time-tracking',
category: 'HR',
name: {
de: 'Arbeitszeiterfassung',
en: 'Time Tracking',
},
description: {
de: 'Erfassung der Arbeitszeiten zur Einhaltung des Arbeitszeitgesetzes',
en: 'Recording working hours for compliance with working time regulations',
},
purposes: [
{ de: 'Erfassung der Arbeitszeiten', en: 'Recording working hours' },
{ de: 'Einhaltung des Arbeitszeitgesetzes', en: 'Compliance with working time regulations' },
{ de: 'Grundlage für Gehaltsabrechnung', en: 'Basis for payroll' },
],
dataSubjectCategories: ['EMPLOYEES'],
personalDataCategories: ['NAME', 'EMPLOYMENT_DATA', 'USAGE_DATA'],
suggestedLegalBasis: ['LEGAL_OBLIGATION', 'CONTRACT'],
suggestedRetentionYears: 2,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['ATOSS', 'Clockodo', 'Toggl'],
commonVendorCategories: ['HR_SOFTWARE'],
},
{
id: 'tpl-hr-health-management',
category: 'HR',
name: {
de: 'Betriebliches Gesundheitsmanagement',
en: 'Occupational Health Management',
},
description: {
de: 'Verwaltung von Arbeitsunfähigkeitsbescheinigungen und betriebsärztlichen Untersuchungen',
en: 'Management of sick notes and occupational health examinations',
},
purposes: [
{ de: 'Verwaltung von Krankmeldungen', en: 'Managing sick leave' },
{ de: 'Organisation betriebsärztlicher Untersuchungen', en: 'Organizing occupational health examinations' },
{ de: 'Betriebliches Eingliederungsmanagement', en: 'Occupational reintegration management' },
],
dataSubjectCategories: ['EMPLOYEES'],
personalDataCategories: ['NAME', 'EMPLOYMENT_DATA', 'HEALTH_DATA'],
suggestedLegalBasis: ['ART9_EMPLOYMENT', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 3,
suggestedProtectionLevel: 'HIGH',
dpiaLikely: true,
commonSystems: ['HR-Software', 'BEM-System'],
commonVendorCategories: ['HR_SOFTWARE', 'CONSULTING'],
},
// ==========================================
// SALES - Vertrieb
// ==========================================
{
id: 'tpl-sales-crm',
category: 'SALES',
name: {
de: 'Kundenbeziehungsmanagement (CRM)',
en: 'Customer Relationship Management (CRM)',
},
description: {
de: 'Verwaltung von Kundenbeziehungen, Kontakthistorie und Verkaufschancen',
en: 'Managing customer relationships, contact history, and sales opportunities',
},
purposes: [
{ de: 'Pflege von Kundenbeziehungen', en: 'Maintaining customer relationships' },
{ de: 'Dokumentation von Kundenkontakten', en: 'Documenting customer contacts' },
{ de: 'Vertriebssteuerung', en: 'Sales management' },
],
dataSubjectCategories: ['CUSTOMERS', 'PROSPECTIVE_CUSTOMERS', 'BUSINESS_PARTNERS'],
personalDataCategories: [
'NAME', 'CONTACT', 'ADDRESS', 'CONTRACT_DATA', 'COMMUNICATION_DATA',
],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 3, // Nach letztem Kontakt
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['Salesforce', 'HubSpot', 'Pipedrive', 'Microsoft Dynamics'],
commonVendorCategories: ['CRM'],
},
{
id: 'tpl-sales-contract-management',
category: 'SALES',
name: {
de: 'Vertragsmanagement',
en: 'Contract Management',
},
description: {
de: 'Verwaltung von Kundenverträgen, Angeboten und Aufträgen',
en: 'Managing customer contracts, quotes, and orders',
},
purposes: [
{ de: 'Erstellung und Verwaltung von Verträgen', en: 'Creating and managing contracts' },
{ de: 'Angebotsverfolgung', en: 'Quote tracking' },
{ de: 'Auftragsabwicklung', en: 'Order processing' },
],
dataSubjectCategories: ['CUSTOMERS', 'BUSINESS_PARTNERS'],
personalDataCategories: [
'NAME', 'CONTACT', 'ADDRESS', 'CONTRACT_DATA', 'PAYMENT_DATA',
],
suggestedLegalBasis: ['CONTRACT', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 10, // Handelsrechtlich
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['ERP', 'CRM', 'Vertragsverwaltung'],
commonVendorCategories: ['ERP', 'CRM'],
},
// ==========================================
// MARKETING
// ==========================================
{
id: 'tpl-marketing-newsletter',
category: 'MARKETING',
name: {
de: 'Newsletter-Versand',
en: 'Newsletter Distribution',
},
description: {
de: 'Versand von E-Mail-Newslettern und Marketing-Kommunikation',
en: 'Sending email newsletters and marketing communications',
},
purposes: [
{ de: 'Versand von Newsletter und Marketing-E-Mails', en: 'Sending newsletters and marketing emails' },
{ de: 'Messung von Öffnungs- und Klickraten', en: 'Measuring open and click rates' },
],
dataSubjectCategories: ['NEWSLETTER_SUBSCRIBERS', 'CUSTOMERS'],
personalDataCategories: ['NAME', 'CONTACT', 'USAGE_DATA'],
suggestedLegalBasis: ['CONSENT'],
suggestedRetentionYears: 0, // Bis Widerruf
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['Mailchimp', 'CleverReach', 'Sendinblue'],
commonVendorCategories: ['EMAIL', 'MARKETING'],
},
{
id: 'tpl-marketing-advertising',
category: 'MARKETING',
name: {
de: 'Online-Werbung',
en: 'Online Advertising',
},
description: {
de: 'Schaltung und Auswertung von Online-Werbeanzeigen',
en: 'Running and analyzing online advertisements',
},
purposes: [
{ de: 'Schaltung von Online-Werbung', en: 'Running online advertisements' },
{ de: 'Conversion-Tracking', en: 'Conversion tracking' },
{ de: 'Retargeting', en: 'Retargeting' },
],
dataSubjectCategories: ['WEBSITE_USERS'],
personalDataCategories: ['IP_ADDRESS', 'DEVICE_ID', 'USAGE_DATA'],
suggestedLegalBasis: ['CONSENT'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: true,
commonSystems: ['Google Ads', 'Meta Ads', 'LinkedIn Ads'],
commonVendorCategories: ['MARKETING', 'ANALYTICS'],
},
{
id: 'tpl-marketing-events',
category: 'MARKETING',
name: {
de: 'Veranstaltungsmanagement',
en: 'Event Management',
},
description: {
de: 'Organisation und Durchführung von Veranstaltungen, Messen und Webinaren',
en: 'Organizing and conducting events, trade shows, and webinars',
},
purposes: [
{ de: 'Teilnehmerregistrierung', en: 'Participant registration' },
{ de: 'Veranstaltungsdurchführung', en: 'Event execution' },
{ de: 'Nachbereitung und Follow-up', en: 'Follow-up activities' },
],
dataSubjectCategories: ['CUSTOMERS', 'PROSPECTIVE_CUSTOMERS', 'BUSINESS_PARTNERS'],
personalDataCategories: ['NAME', 'CONTACT', 'ADDRESS', 'PHOTO_VIDEO'],
suggestedLegalBasis: ['CONTRACT', 'CONSENT'],
suggestedRetentionYears: 2,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['Eventbrite', 'GoToWebinar', 'Zoom'],
commonVendorCategories: ['MARKETING', 'COMMUNICATION'],
},
// ==========================================
// FINANCE
// ==========================================
{
id: 'tpl-finance-accounting',
category: 'FINANCE',
name: {
de: 'Finanzbuchhaltung',
en: 'Financial Accounting',
},
description: {
de: 'Führung der Finanzbuchhaltung, Rechnungsstellung und Zahlungsabwicklung',
en: 'Financial accounting, invoicing, and payment processing',
},
purposes: [
{ de: 'Buchführung und Rechnungswesen', en: 'Bookkeeping and accounting' },
{ de: 'Rechnungsstellung', en: 'Invoicing' },
{ de: 'Zahlungsabwicklung', en: 'Payment processing' },
],
dataSubjectCategories: ['CUSTOMERS', 'SUPPLIERS', 'BUSINESS_PARTNERS'],
personalDataCategories: [
'NAME', 'ADDRESS', 'BANK_ACCOUNT', 'PAYMENT_DATA', 'CONTRACT_DATA', 'TAX_ID',
],
suggestedLegalBasis: ['CONTRACT', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 10, // HGB/AO
suggestedProtectionLevel: 'HIGH',
dpiaLikely: false,
commonSystems: ['DATEV', 'SAP', 'Lexware', 'Xero'],
commonVendorCategories: ['ACCOUNTING', 'ERP'],
},
{
id: 'tpl-finance-debt-collection',
category: 'FINANCE',
name: {
de: 'Forderungsmanagement',
en: 'Debt Collection',
},
description: {
de: 'Verwaltung offener Forderungen und Mahnwesen',
en: 'Managing outstanding receivables and dunning',
},
purposes: [
{ de: 'Überwachung offener Forderungen', en: 'Monitoring outstanding receivables' },
{ de: 'Mahnwesen', en: 'Dunning process' },
{ de: 'Inkasso bei Bedarf', en: 'Debt collection if necessary' },
],
dataSubjectCategories: ['CUSTOMERS'],
personalDataCategories: ['NAME', 'ADDRESS', 'CONTACT', 'PAYMENT_DATA', 'CONTRACT_DATA'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 10,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['ERP', 'Inkasso-Software'],
commonVendorCategories: ['ACCOUNTING', 'LEGAL'],
},
// ==========================================
// IT & SICHERHEIT
// ==========================================
{
id: 'tpl-it-user-management',
category: 'IT',
name: {
de: 'IT-Benutzerverwaltung',
en: 'IT User Management',
},
description: {
de: 'Verwaltung von Benutzerkonten, Zugriffsrechten und Authentifizierung',
en: 'Managing user accounts, access rights, and authentication',
},
purposes: [
{ de: 'Verwaltung von Benutzerkonten', en: 'Managing user accounts' },
{ de: 'Zugriffssteuerung', en: 'Access control' },
{ de: 'Single Sign-On', en: 'Single Sign-On' },
],
dataSubjectCategories: ['EMPLOYEES'],
personalDataCategories: ['NAME', 'CONTACT', 'LOGIN_DATA', 'USAGE_DATA'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 1, // Nach Kontoschließung
suggestedProtectionLevel: 'HIGH',
dpiaLikely: false,
commonSystems: ['Active Directory', 'Okta', 'Azure AD'],
commonVendorCategories: ['SECURITY', 'CLOUD_INFRASTRUCTURE'],
},
{
id: 'tpl-it-logging',
category: 'IT',
name: {
de: 'IT-Protokollierung',
en: 'IT Logging',
},
description: {
de: 'Protokollierung von IT-Aktivitäten zur Sicherheit und Fehleranalyse',
en: 'Logging IT activities for security and error analysis',
},
purposes: [
{ de: 'Sicherheitsüberwachung', en: 'Security monitoring' },
{ de: 'Fehleranalyse', en: 'Error analysis' },
{ de: 'Nachvollziehbarkeit', en: 'Traceability' },
],
dataSubjectCategories: ['EMPLOYEES', 'CUSTOMERS', 'WEBSITE_USERS'],
personalDataCategories: ['IP_ADDRESS', 'DEVICE_ID', 'USAGE_DATA', 'LOGIN_DATA'],
suggestedLegalBasis: ['LEGITIMATE_INTEREST'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['Splunk', 'ELK Stack', 'Datadog'],
commonVendorCategories: ['SECURITY', 'ANALYTICS'],
},
{
id: 'tpl-it-video-surveillance',
category: 'IT',
name: {
de: 'Videoüberwachung',
en: 'Video Surveillance',
},
description: {
de: 'Videoüberwachung von Geschäftsräumen zum Schutz vor Diebstahl und Vandalismus',
en: 'Video surveillance of business premises for theft and vandalism prevention',
},
purposes: [
{ de: 'Schutz vor Diebstahl und Vandalismus', en: 'Protection against theft and vandalism' },
{ de: 'Zugangskontrolle', en: 'Access control' },
{ de: 'Beweissicherung', en: 'Evidence preservation' },
],
dataSubjectCategories: ['EMPLOYEES', 'VISITORS', 'CUSTOMERS'],
personalDataCategories: ['PHOTO_VIDEO', 'BIOMETRIC_DATA'],
suggestedLegalBasis: ['LEGITIMATE_INTEREST'],
suggestedRetentionYears: 0.1, // 72 Stunden
suggestedProtectionLevel: 'HIGH',
dpiaLikely: true,
commonSystems: ['CCTV-System'],
commonVendorCategories: ['SECURITY'],
},
{
id: 'tpl-it-backup',
category: 'IT',
name: {
de: 'Datensicherung (Backup)',
en: 'Data Backup',
},
description: {
de: 'Regelmäßige Sicherung von Unternehmensdaten',
en: 'Regular backup of company data',
},
purposes: [
{ de: 'Datensicherung', en: 'Data backup' },
{ de: 'Disaster Recovery', en: 'Disaster Recovery' },
{ de: 'Geschäftskontinuität', en: 'Business continuity' },
],
dataSubjectCategories: ['EMPLOYEES', 'CUSTOMERS', 'SUPPLIERS'],
personalDataCategories: ['NAME', 'CONTACT', 'CONTRACT_DATA', 'COMMUNICATION_DATA'],
suggestedLegalBasis: ['LEGITIMATE_INTEREST', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 1, // Je nach Backup-Konzept
suggestedProtectionLevel: 'HIGH',
dpiaLikely: false,
commonSystems: ['Veeam', 'AWS Backup', 'Azure Backup'],
commonVendorCategories: ['BACKUP', 'CLOUD_INFRASTRUCTURE'],
},
// ==========================================
// CUSTOMER SERVICE
// ==========================================
{
id: 'tpl-cs-support',
category: 'CUSTOMER_SERVICE',
name: {
de: 'Kundenbetreuung und Support',
en: 'Customer Support',
},
description: {
de: 'Bearbeitung von Kundenanfragen, Beschwerden und Support-Tickets',
en: 'Handling customer inquiries, complaints, and support tickets',
},
purposes: [
{ de: 'Bearbeitung von Kundenanfragen', en: 'Handling customer inquiries' },
{ de: 'Beschwerdemanagement', en: 'Complaint management' },
{ de: 'Technischer Support', en: 'Technical support' },
],
dataSubjectCategories: ['CUSTOMERS'],
personalDataCategories: ['NAME', 'CONTACT', 'CONTRACT_DATA', 'COMMUNICATION_DATA'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 3,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['Zendesk', 'Freshdesk', 'Intercom'],
commonVendorCategories: ['SUPPORT', 'CRM'],
},
{
id: 'tpl-cs-satisfaction',
category: 'CUSTOMER_SERVICE',
name: {
de: 'Kundenzufriedenheitsbefragungen',
en: 'Customer Satisfaction Surveys',
},
description: {
de: 'Durchführung von Umfragen zur Messung der Kundenzufriedenheit',
en: 'Conducting surveys to measure customer satisfaction',
},
purposes: [
{ de: 'Messung der Kundenzufriedenheit', en: 'Measuring customer satisfaction' },
{ de: 'Qualitätsverbesserung', en: 'Quality improvement' },
],
dataSubjectCategories: ['CUSTOMERS'],
personalDataCategories: ['NAME', 'CONTACT', 'USAGE_DATA'],
suggestedLegalBasis: ['CONSENT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 2,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['SurveyMonkey', 'Typeform', 'NPS-Tools'],
commonVendorCategories: ['ANALYTICS', 'MARKETING'],
},
// ==========================================
// WEBSITE & APPS
// ==========================================
{
id: 'tpl-web-analytics',
category: 'WEBSITE',
name: {
de: 'Web-Analyse',
en: 'Web Analytics',
},
description: {
de: 'Analyse des Nutzerverhaltens auf der Website zur Optimierung',
en: 'Analyzing user behavior on the website for optimization',
},
purposes: [
{ de: 'Analyse des Nutzerverhaltens', en: 'Analyzing user behavior' },
{ de: 'Website-Optimierung', en: 'Website optimization' },
{ de: 'Conversion-Tracking', en: 'Conversion tracking' },
],
dataSubjectCategories: ['WEBSITE_USERS'],
personalDataCategories: ['IP_ADDRESS', 'DEVICE_ID', 'USAGE_DATA', 'LOCATION_DATA'],
suggestedLegalBasis: ['CONSENT'],
suggestedRetentionYears: 2,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['Google Analytics', 'Matomo', 'Plausible'],
commonVendorCategories: ['ANALYTICS'],
},
{
id: 'tpl-web-contact-form',
category: 'WEBSITE',
name: {
de: 'Kontaktformular',
en: 'Contact Form',
},
description: {
de: 'Verarbeitung von Anfragen über das Website-Kontaktformular',
en: 'Processing inquiries submitted via the website contact form',
},
purposes: [
{ de: 'Bearbeitung von Kontaktanfragen', en: 'Processing contact inquiries' },
{ de: 'Kommunikation mit Interessenten', en: 'Communication with prospects' },
],
dataSubjectCategories: ['PROSPECTIVE_CUSTOMERS', 'WEBSITE_USERS'],
personalDataCategories: ['NAME', 'CONTACT', 'COMMUNICATION_DATA'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['CRM', 'E-Mail-System'],
commonVendorCategories: ['CRM', 'EMAIL'],
},
{
id: 'tpl-web-user-accounts',
category: 'WEBSITE',
name: {
de: 'Benutzerkonten / Kundenportal',
en: 'User Accounts / Customer Portal',
},
description: {
de: 'Verwaltung von Benutzerkonten im Kundenportal oder Online-Shop',
en: 'Managing user accounts in customer portal or online shop',
},
purposes: [
{ de: 'Bereitstellung des Kundenportals', en: 'Providing customer portal' },
{ de: 'Benutzerverwaltung', en: 'User management' },
{ de: 'Personalisierung', en: 'Personalization' },
],
dataSubjectCategories: ['CUSTOMERS', 'APP_USERS'],
personalDataCategories: ['NAME', 'CONTACT', 'LOGIN_DATA', 'USAGE_DATA', 'CONTRACT_DATA'],
suggestedLegalBasis: ['CONTRACT'],
suggestedRetentionYears: 1, // Nach Kontoschließung
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['E-Commerce', 'CRM', 'Auth0'],
commonVendorCategories: ['HOSTING', 'CRM', 'SECURITY'],
},
{
id: 'tpl-web-cookies',
category: 'WEBSITE',
name: {
de: 'Cookie-Verwaltung',
en: 'Cookie Management',
},
description: {
de: 'Verwaltung von Cookies und Einholung von Cookie-Einwilligungen',
en: 'Managing cookies and obtaining cookie consents',
},
purposes: [
{ de: 'Speicherung von Cookie-Präferenzen', en: 'Storing cookie preferences' },
{ de: 'Einwilligungsmanagement', en: 'Consent management' },
],
dataSubjectCategories: ['WEBSITE_USERS'],
personalDataCategories: ['IP_ADDRESS', 'DEVICE_ID', 'USAGE_DATA'],
suggestedLegalBasis: ['CONSENT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['Cookiebot', 'Usercentrics', 'OneTrust'],
commonVendorCategories: ['ANALYTICS', 'SECURITY'],
},
// ==========================================
// GENERAL
// ==========================================
{
id: 'tpl-gen-communication',
category: 'GENERAL',
name: {
de: 'Geschäftliche Kommunikation',
en: 'Business Communication',
},
description: {
de: 'E-Mail-Kommunikation, Telefonie und Messaging im Geschäftsverkehr',
en: 'Email communication, telephony, and messaging in business operations',
},
purposes: [
{ de: 'Geschäftliche Kommunikation', en: 'Business communication' },
{ de: 'Dokumentation von Korrespondenz', en: 'Documentation of correspondence' },
],
dataSubjectCategories: ['CUSTOMERS', 'SUPPLIERS', 'BUSINESS_PARTNERS', 'EMPLOYEES'],
personalDataCategories: ['NAME', 'CONTACT', 'COMMUNICATION_DATA'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 6, // Handelsrechtlich relevant
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['Microsoft 365', 'Google Workspace', 'Slack'],
commonVendorCategories: ['EMAIL', 'COMMUNICATION', 'CLOUD_INFRASTRUCTURE'],
},
{
id: 'tpl-gen-visitor',
category: 'GENERAL',
name: {
de: 'Besucherverwaltung',
en: 'Visitor Management',
},
description: {
de: 'Erfassung und Verwaltung von Besuchern in Geschäftsräumen',
en: 'Recording and managing visitors in business premises',
},
purposes: [
{ de: 'Zutrittskontrolle', en: 'Access control' },
{ de: 'Sicherheit', en: 'Security' },
{ de: 'Nachvollziehbarkeit', en: 'Traceability' },
],
dataSubjectCategories: ['VISITORS'],
personalDataCategories: ['NAME', 'CONTACT', 'PHOTO_VIDEO'],
suggestedLegalBasis: ['LEGITIMATE_INTEREST'],
suggestedRetentionYears: 0.1, // 1 Monat
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['Besuchermanagement-System'],
commonVendorCategories: ['SECURITY'],
},
{
id: 'tpl-gen-supplier',
category: 'GENERAL',
name: {
de: 'Lieferantenverwaltung',
en: 'Supplier Management',
},
description: {
de: 'Verwaltung von Lieferantenbeziehungen und Beschaffung',
en: 'Managing supplier relationships and procurement',
},
purposes: [
{ de: 'Lieferantenverwaltung', en: 'Supplier management' },
{ de: 'Beschaffung', en: 'Procurement' },
{ de: 'Qualitätsmanagement', en: 'Quality management' },
],
dataSubjectCategories: ['SUPPLIERS', 'BUSINESS_PARTNERS'],
personalDataCategories: ['NAME', 'CONTACT', 'ADDRESS', 'CONTRACT_DATA', 'BANK_ACCOUNT'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 10,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['ERP', 'Lieferantenportal'],
commonVendorCategories: ['ERP'],
},
{
id: 'tpl-gen-whistleblower',
category: 'GENERAL',
name: {
de: 'Hinweisgebersystem',
en: 'Whistleblower System',
},
description: {
de: 'Entgegennahme und Bearbeitung von Hinweisen gemäß Hinweisgeberschutzgesetz',
en: 'Receiving and processing reports according to whistleblower protection law',
},
purposes: [
{ de: 'Entgegennahme von Hinweisen', en: 'Receiving reports' },
{ de: 'Untersuchung von Verstößen', en: 'Investigating violations' },
{ de: 'Schutz von Hinweisgebern', en: 'Protecting whistleblowers' },
],
dataSubjectCategories: ['EMPLOYEES', 'BUSINESS_PARTNERS'],
personalDataCategories: ['NAME', 'CONTACT', 'COMMUNICATION_DATA'],
suggestedLegalBasis: ['LEGAL_OBLIGATION'],
suggestedRetentionYears: 3,
suggestedProtectionLevel: 'HIGH',
dpiaLikely: true,
commonSystems: ['Hinweisgeberportal'],
commonVendorCategories: ['SECURITY', 'LEGAL'],
},
]
/**
* Get templates by category
*/
export function getTemplatesByCategory(
category: ProcessingActivityCategory
): ProcessingActivityTemplate[] {
return PROCESSING_ACTIVITY_TEMPLATES.filter((t) => t.category === category)
}
/**
* Get template by ID
*/
export function getTemplateById(id: string): ProcessingActivityTemplate | undefined {
return PROCESSING_ACTIVITY_TEMPLATES.find((t) => t.id === id)
}
/**
* Get all categories with their templates
*/
export function getGroupedTemplates(): Map<ProcessingActivityCategory, ProcessingActivityTemplate[]> {
const grouped = new Map<ProcessingActivityCategory, ProcessingActivityTemplate[]>()
for (const template of PROCESSING_ACTIVITY_TEMPLATES) {
const existing = grouped.get(template.category) || []
grouped.set(template.category, [...existing, template])
}
return grouped
}
/**
* Create form data from template
*/
export function createFormDataFromTemplate(
template: ProcessingActivityTemplate,
organizationDefaults?: {
responsible?: ProcessingActivityFormData['responsible']
dpoContact?: ProcessingActivityFormData['dpoContact']
}
): Partial<ProcessingActivityFormData> {
return {
vvtId: '', // Will be generated
name: template.name,
purposes: template.purposes,
dataSubjectCategories: template.dataSubjectCategories,
personalDataCategories: template.personalDataCategories,
legalBasis: template.suggestedLegalBasis.map((type) => ({ type })),
protectionLevel: template.suggestedProtectionLevel,
dpiaRequired: template.dpiaLikely,
retentionPeriod: {
duration: template.suggestedRetentionYears,
durationUnit: 'YEARS',
description: { de: '', en: '' },
},
recipientCategories: [],
thirdCountryTransfers: [],
technicalMeasures: [],
dataSources: [],
systems: [],
dataFlows: [],
subProcessors: [],
owner: '',
responsible: organizationDefaults?.responsible,
dpoContact: organizationDefaults?.dpoContact,
}
}
export * from './processing-activities/types'
export * from './processing-activities/hr-sales'
export * from './processing-activities/marketing-finance'
export * from './processing-activities/it-customer-web-general'
export * from './processing-activities/helpers'
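Review bot: The five `export *` lines leave the "backward compatibility" surface promised in the header implicit. The old file exported `PROCESSING_ACTIVITY_CATEGORY_META` next to the two types, and nothing in this section shows which module now provides it (presumably `./processing-activities/types`, which is not visible here). The star exports also widen the public API with the per-domain arrays such as `HR_TEMPLATES`. Naming the legacy exports explicitly, e.g. `export { PROCESSING_ACTIVITY_TEMPLATES, getTemplatesByCategory, getTemplateById, getGroupedTemplates, createFormDataFromTemplate } from './processing-activities/helpers'`, would turn a dropped name into a compile error at the barrel instead of at a distant import site.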


@@ -0,0 +1,87 @@
/**
* Processing Activities — Helper Functions
*/
import type { ProcessingActivityFormData } from '../../types'
import type { ProcessingActivityTemplate, ProcessingActivityCategory } from './types'
import { HR_TEMPLATES, SALES_TEMPLATES } from './hr-sales'
import { MARKETING_TEMPLATES, FINANCE_TEMPLATES } from './marketing-finance'
import { IT_TEMPLATES, CUSTOMER_SERVICE_TEMPLATES, WEBSITE_TEMPLATES, GENERAL_TEMPLATES } from './it-customer-web-general'
export const PROCESSING_ACTIVITY_TEMPLATES: ProcessingActivityTemplate[] = [
...HR_TEMPLATES,
...SALES_TEMPLATES,
...MARKETING_TEMPLATES,
...FINANCE_TEMPLATES,
...IT_TEMPLATES,
...CUSTOMER_SERVICE_TEMPLATES,
...WEBSITE_TEMPLATES,
...GENERAL_TEMPLATES,
]
/**
* Get templates by category
*/
export function getTemplatesByCategory(
category: ProcessingActivityCategory
): ProcessingActivityTemplate[] {
return PROCESSING_ACTIVITY_TEMPLATES.filter((t) => t.category === category)
}
/**
* Get template by ID
*/
export function getTemplateById(id: string): ProcessingActivityTemplate | undefined {
return PROCESSING_ACTIVITY_TEMPLATES.find((t) => t.id === id)
}
/**
* Get all categories with their templates
*/
export function getGroupedTemplates(): Map<ProcessingActivityCategory, ProcessingActivityTemplate[]> {
const grouped = new Map<ProcessingActivityCategory, ProcessingActivityTemplate[]>()
for (const template of PROCESSING_ACTIVITY_TEMPLATES) {
const existing = grouped.get(template.category) || []
grouped.set(template.category, [...existing, template])
}
return grouped
}
/**
* Create form data from template
*/
export function createFormDataFromTemplate(
template: ProcessingActivityTemplate,
organizationDefaults?: {
responsible?: ProcessingActivityFormData['responsible']
dpoContact?: ProcessingActivityFormData['dpoContact']
}
): Partial<ProcessingActivityFormData> {
return {
vvtId: '',
name: template.name,
purposes: template.purposes,
dataSubjectCategories: template.dataSubjectCategories,
personalDataCategories: template.personalDataCategories,
legalBasis: template.suggestedLegalBasis.map((type) => ({ type })),
protectionLevel: template.suggestedProtectionLevel,
dpiaRequired: template.dpiaLikely,
retentionPeriod: {
duration: template.suggestedRetentionYears,
durationUnit: 'YEARS',
description: { de: '', en: '' },
},
recipientCategories: [],
thirdCountryTransfers: [],
technicalMeasures: [],
dataSources: [],
systems: [],
dataFlows: [],
subProcessors: [],
owner: '',
responsible: organizationDefaults?.responsible,
dpoContact: organizationDefaults?.dpoContact,
}
}
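Review bot: In `createFormDataFromTemplate`, `duration: template.suggestedRetentionYears` with `durationUnit: 'YEARS'` and an empty `description` copies the catalog number into the form without the context that explained it. The catalog holds fractional values (`0.5` in the new `hr-sales` module, now without its "6 Monate nach Absage" comment). The previous single-file catalog also had `0` annotated "Bis Widerruf" and `0.1` annotated once as "72 Stunden" and once as "1 Monat"; if those entries moved over unchanged, a generated record reads "0 YEARS" or "0.1 YEARS" with nothing to say what was meant. I would restore the trailing comments in the split modules and document the sentinel on this function, e.g. `// 0 = retained until consent is withdrawn, not "delete immediately"`. The `// Will be generated` comment on `vvtId: ''` was dropped as well and is worth keeping.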


@@ -0,0 +1,200 @@
/**
* Processing Activities — HR & Sales Templates
*/
import { ProcessingActivityTemplate } from './types'
export const HR_TEMPLATES: ProcessingActivityTemplate[] = [
{
id: 'tpl-hr-recruitment',
category: 'HR',
name: {
de: 'Bewerbermanagement',
en: 'Recruitment Management',
},
description: {
de: 'Verarbeitung von Bewerberdaten im Rahmen des Recruiting-Prozesses',
en: 'Processing of applicant data as part of the recruitment process',
},
purposes: [
{ de: 'Durchführung des Bewerbungsverfahrens', en: 'Conducting the application process' },
{ de: 'Prüfung der Eignung', en: 'Assessing suitability' },
{ de: 'Aufbau eines Talentpools (bei Einwilligung)', en: 'Building a talent pool (with consent)' },
],
dataSubjectCategories: ['APPLICANTS'],
personalDataCategories: [
'NAME', 'CONTACT', 'ADDRESS', 'DOB', 'EDUCATION_DATA',
'EMPLOYMENT_DATA', 'PHOTO_VIDEO',
],
suggestedLegalBasis: ['CONTRACT', 'CONSENT'],
suggestedRetentionYears: 0.5,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['E-Recruiting', 'Personio', 'Workday'],
commonVendorCategories: ['HR_SOFTWARE', 'CLOUD_INFRASTRUCTURE'],
},
{
id: 'tpl-hr-personnel',
category: 'HR',
name: {
de: 'Personalverwaltung',
en: 'Personnel Administration',
},
description: {
de: 'Führung der Personalakte und Verwaltung des Beschäftigungsverhältnisses',
en: 'Maintaining personnel files and managing employment relationships',
},
purposes: [
{ de: 'Führung der Personalakte', en: 'Maintaining personnel files' },
{ de: 'Durchführung des Arbeitsverhältnisses', en: 'Executing the employment relationship' },
{ de: 'Erfüllung gesetzlicher Pflichten', en: 'Fulfilling legal obligations' },
],
dataSubjectCategories: ['EMPLOYEES'],
personalDataCategories: [
'NAME', 'CONTACT', 'ADDRESS', 'DOB', 'ID_NUMBER',
'SOCIAL_SECURITY', 'TAX_ID', 'BANK_ACCOUNT', 'EMPLOYMENT_DATA',
'SALARY_DATA', 'EDUCATION_DATA', 'PHOTO_VIDEO',
],
suggestedLegalBasis: ['CONTRACT', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 10,
suggestedProtectionLevel: 'HIGH',
dpiaLikely: false,
commonSystems: ['SAP HCM', 'Personio', 'DATEV'],
commonVendorCategories: ['HR_SOFTWARE', 'ERP'],
},
{
id: 'tpl-hr-payroll',
category: 'HR',
name: {
de: 'Lohn- und Gehaltsabrechnung',
en: 'Payroll Processing',
},
description: {
de: 'Berechnung und Auszahlung von Gehältern, Abführung von Steuern und Sozialabgaben',
en: 'Calculation and payment of salaries, tax and social security contributions',
},
purposes: [
{ de: 'Gehaltsberechnung und -auszahlung', en: 'Salary calculation and payment' },
{ de: 'Abführung von Lohnsteuer und Sozialabgaben', en: 'Payment of payroll taxes and social contributions' },
{ de: 'Erstellung von Lohnabrechnungen', en: 'Creating payslips' },
],
dataSubjectCategories: ['EMPLOYEES'],
personalDataCategories: [
'NAME', 'ADDRESS', 'DOB', 'SOCIAL_SECURITY', 'TAX_ID',
'BANK_ACCOUNT', 'SALARY_DATA', 'EMPLOYMENT_DATA',
],
suggestedLegalBasis: ['CONTRACT', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 10,
suggestedProtectionLevel: 'HIGH',
dpiaLikely: false,
commonSystems: ['DATEV', 'SAP', 'Lexware'],
commonVendorCategories: ['ACCOUNTING', 'HR_SOFTWARE'],
},
{
id: 'tpl-hr-time-tracking',
category: 'HR',
name: {
de: 'Arbeitszeiterfassung',
en: 'Time Tracking',
},
description: {
de: 'Erfassung der Arbeitszeiten zur Einhaltung des Arbeitszeitgesetzes',
en: 'Recording working hours for compliance with working time regulations',
},
purposes: [
{ de: 'Erfassung der Arbeitszeiten', en: 'Recording working hours' },
{ de: 'Einhaltung des Arbeitszeitgesetzes', en: 'Compliance with working time regulations' },
{ de: 'Grundlage für Gehaltsabrechnung', en: 'Basis for payroll' },
],
dataSubjectCategories: ['EMPLOYEES'],
personalDataCategories: ['NAME', 'EMPLOYMENT_DATA', 'USAGE_DATA'],
suggestedLegalBasis: ['LEGAL_OBLIGATION', 'CONTRACT'],
suggestedRetentionYears: 2,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['ATOSS', 'Clockodo', 'Toggl'],
commonVendorCategories: ['HR_SOFTWARE'],
},
{
id: 'tpl-hr-health-management',
category: 'HR',
name: {
de: 'Betriebliches Gesundheitsmanagement',
en: 'Occupational Health Management',
},
description: {
de: 'Verwaltung von Arbeitsunfähigkeitsbescheinigungen und betriebsärztlichen Untersuchungen',
en: 'Management of sick notes and occupational health examinations',
},
purposes: [
{ de: 'Verwaltung von Krankmeldungen', en: 'Managing sick leave' },
{ de: 'Organisation betriebsärztlicher Untersuchungen', en: 'Organizing occupational health examinations' },
{ de: 'Betriebliches Eingliederungsmanagement', en: 'Occupational reintegration management' },
],
dataSubjectCategories: ['EMPLOYEES'],
personalDataCategories: ['NAME', 'EMPLOYMENT_DATA', 'HEALTH_DATA'],
suggestedLegalBasis: ['ART9_EMPLOYMENT', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 3,
suggestedProtectionLevel: 'HIGH',
dpiaLikely: true,
commonSystems: ['HR-Software', 'BEM-System'],
commonVendorCategories: ['HR_SOFTWARE', 'CONSULTING'],
},
]
export const SALES_TEMPLATES: ProcessingActivityTemplate[] = [
{
id: 'tpl-sales-crm',
category: 'SALES',
name: {
de: 'Kundenbeziehungsmanagement (CRM)',
en: 'Customer Relationship Management (CRM)',
},
description: {
de: 'Verwaltung von Kundenbeziehungen, Kontakthistorie und Verkaufschancen',
en: 'Managing customer relationships, contact history, and sales opportunities',
},
purposes: [
{ de: 'Pflege von Kundenbeziehungen', en: 'Maintaining customer relationships' },
{ de: 'Dokumentation von Kundenkontakten', en: 'Documenting customer contacts' },
{ de: 'Vertriebssteuerung', en: 'Sales management' },
],
dataSubjectCategories: ['CUSTOMERS', 'PROSPECTIVE_CUSTOMERS', 'BUSINESS_PARTNERS'],
personalDataCategories: [
'NAME', 'CONTACT', 'ADDRESS', 'CONTRACT_DATA', 'COMMUNICATION_DATA',
],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 3,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['Salesforce', 'HubSpot', 'Pipedrive', 'Microsoft Dynamics'],
commonVendorCategories: ['CRM'],
},
{
id: 'tpl-sales-contract-management',
category: 'SALES',
name: {
de: 'Vertragsmanagement',
en: 'Contract Management',
},
description: {
de: 'Verwaltung von Kundenverträgen, Angeboten und Aufträgen',
en: 'Managing customer contracts, quotes, and orders',
},
purposes: [
{ de: 'Erstellung und Verwaltung von Verträgen', en: 'Creating and managing contracts' },
{ de: 'Angebotsverfolgung', en: 'Quote tracking' },
{ de: 'Auftragsabwicklung', en: 'Order processing' },
],
dataSubjectCategories: ['CUSTOMERS', 'BUSINESS_PARTNERS'],
personalDataCategories: [
'NAME', 'CONTACT', 'ADDRESS', 'CONTRACT_DATA', 'PAYMENT_DATA',
],
suggestedLegalBasis: ['CONTRACT', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 10,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['ERP', 'CRM', 'Vertragsverwaltung'],
commonVendorCategories: ['ERP', 'CRM'],
},
]
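Review bot: `suggestedRetentionYears: 0.5` in `tpl-hr-recruitment` stores a sub-year period in a field that is named and unit-tagged as years; `createFormDataFromTemplate` copies it unchanged into `retentionPeriod.duration` with `durationUnit: 'YEARS'` and an empty description. The same pattern appears as `0.1` in `tpl-it-video-surveillance` and `tpl-gen-visitor`, and as `0` in `tpl-marketing-newsletter`, where it presumably means "until consent is withdrawn" but reads as no retention period at all. Because these values pre-fill the retention entry of a processing record, I would document the convention on the interface field, e.g. `/** Retention in years; fractions are sub-year periods, 0 = no fixed period (see description) */`, and have the template that uses `0` supply a description. Whether the form accepts a smaller unit than `'YEARS'` is not visible from this page.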


@@ -0,0 +1,363 @@
/**
* Processing Activities — IT, Customer Service, Website & General Templates
*/
import { ProcessingActivityTemplate } from './types'
export const IT_TEMPLATES: ProcessingActivityTemplate[] = [
{
id: 'tpl-it-user-management',
category: 'IT',
name: {
de: 'IT-Benutzerverwaltung',
en: 'IT User Management',
},
description: {
de: 'Verwaltung von Benutzerkonten, Zugriffsrechten und Authentifizierung',
en: 'Managing user accounts, access rights, and authentication',
},
purposes: [
{ de: 'Verwaltung von Benutzerkonten', en: 'Managing user accounts' },
{ de: 'Zugriffssteuerung', en: 'Access control' },
{ de: 'Single Sign-On', en: 'Single Sign-On' },
],
dataSubjectCategories: ['EMPLOYEES'],
personalDataCategories: ['NAME', 'CONTACT', 'LOGIN_DATA', 'USAGE_DATA'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'HIGH',
dpiaLikely: false,
commonSystems: ['Active Directory', 'Okta', 'Azure AD'],
commonVendorCategories: ['SECURITY', 'CLOUD_INFRASTRUCTURE'],
},
{
id: 'tpl-it-logging',
category: 'IT',
name: {
de: 'IT-Protokollierung',
en: 'IT Logging',
},
description: {
de: 'Protokollierung von IT-Aktivitäten zur Sicherheit und Fehleranalyse',
en: 'Logging IT activities for security and error analysis',
},
purposes: [
{ de: 'Sicherheitsüberwachung', en: 'Security monitoring' },
{ de: 'Fehleranalyse', en: 'Error analysis' },
{ de: 'Nachvollziehbarkeit', en: 'Traceability' },
],
dataSubjectCategories: ['EMPLOYEES', 'CUSTOMERS', 'WEBSITE_USERS'],
personalDataCategories: ['IP_ADDRESS', 'DEVICE_ID', 'USAGE_DATA', 'LOGIN_DATA'],
suggestedLegalBasis: ['LEGITIMATE_INTEREST'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['Splunk', 'ELK Stack', 'Datadog'],
commonVendorCategories: ['SECURITY', 'ANALYTICS'],
},
{
id: 'tpl-it-video-surveillance',
category: 'IT',
name: {
de: 'Videoüberwachung',
en: 'Video Surveillance',
},
description: {
de: 'Videoüberwachung von Geschäftsräumen zum Schutz vor Diebstahl und Vandalismus',
en: 'Video surveillance of business premises for theft and vandalism prevention',
},
purposes: [
{ de: 'Schutz vor Diebstahl und Vandalismus', en: 'Protection against theft and vandalism' },
{ de: 'Zugangskontrolle', en: 'Access control' },
{ de: 'Beweissicherung', en: 'Evidence preservation' },
],
dataSubjectCategories: ['EMPLOYEES', 'VISITORS', 'CUSTOMERS'],
personalDataCategories: ['PHOTO_VIDEO', 'BIOMETRIC_DATA'],
suggestedLegalBasis: ['LEGITIMATE_INTEREST'],
suggestedRetentionYears: 0.1,
suggestedProtectionLevel: 'HIGH',
dpiaLikely: true,
commonSystems: ['CCTV-System'],
commonVendorCategories: ['SECURITY'],
},
{
id: 'tpl-it-backup',
category: 'IT',
name: {
de: 'Datensicherung (Backup)',
en: 'Data Backup',
},
description: {
de: 'Regelmäßige Sicherung von Unternehmensdaten',
en: 'Regular backup of company data',
},
purposes: [
{ de: 'Datensicherung', en: 'Data backup' },
{ de: 'Disaster Recovery', en: 'Disaster Recovery' },
{ de: 'Geschäftskontinuität', en: 'Business continuity' },
],
dataSubjectCategories: ['EMPLOYEES', 'CUSTOMERS', 'SUPPLIERS'],
personalDataCategories: ['NAME', 'CONTACT', 'CONTRACT_DATA', 'COMMUNICATION_DATA'],
suggestedLegalBasis: ['LEGITIMATE_INTEREST', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'HIGH',
dpiaLikely: false,
commonSystems: ['Veeam', 'AWS Backup', 'Azure Backup'],
commonVendorCategories: ['BACKUP', 'CLOUD_INFRASTRUCTURE'],
},
]
export const CUSTOMER_SERVICE_TEMPLATES: ProcessingActivityTemplate[] = [
{
id: 'tpl-cs-support',
category: 'CUSTOMER_SERVICE',
name: {
de: 'Kundenbetreuung und Support',
en: 'Customer Support',
},
description: {
de: 'Bearbeitung von Kundenanfragen, Beschwerden und Support-Tickets',
en: 'Handling customer inquiries, complaints, and support tickets',
},
purposes: [
{ de: 'Bearbeitung von Kundenanfragen', en: 'Handling customer inquiries' },
{ de: 'Beschwerdemanagement', en: 'Complaint management' },
{ de: 'Technischer Support', en: 'Technical support' },
],
dataSubjectCategories: ['CUSTOMERS'],
personalDataCategories: ['NAME', 'CONTACT', 'CONTRACT_DATA', 'COMMUNICATION_DATA'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 3,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['Zendesk', 'Freshdesk', 'Intercom'],
commonVendorCategories: ['SUPPORT', 'CRM'],
},
{
id: 'tpl-cs-satisfaction',
category: 'CUSTOMER_SERVICE',
name: {
de: 'Kundenzufriedenheitsbefragungen',
en: 'Customer Satisfaction Surveys',
},
description: {
de: 'Durchführung von Umfragen zur Messung der Kundenzufriedenheit',
en: 'Conducting surveys to measure customer satisfaction',
},
purposes: [
{ de: 'Messung der Kundenzufriedenheit', en: 'Measuring customer satisfaction' },
{ de: 'Qualitätsverbesserung', en: 'Quality improvement' },
],
dataSubjectCategories: ['CUSTOMERS'],
personalDataCategories: ['NAME', 'CONTACT', 'USAGE_DATA'],
suggestedLegalBasis: ['CONSENT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 2,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['SurveyMonkey', 'Typeform', 'NPS-Tools'],
commonVendorCategories: ['ANALYTICS', 'MARKETING'],
},
]
export const WEBSITE_TEMPLATES: ProcessingActivityTemplate[] = [
{
id: 'tpl-web-analytics',
category: 'WEBSITE',
name: {
de: 'Web-Analyse',
en: 'Web Analytics',
},
description: {
de: 'Analyse des Nutzerverhaltens auf der Website zur Optimierung',
en: 'Analyzing user behavior on the website for optimization',
},
purposes: [
{ de: 'Analyse des Nutzerverhaltens', en: 'Analyzing user behavior' },
{ de: 'Website-Optimierung', en: 'Website optimization' },
{ de: 'Conversion-Tracking', en: 'Conversion tracking' },
],
dataSubjectCategories: ['WEBSITE_USERS'],
personalDataCategories: ['IP_ADDRESS', 'DEVICE_ID', 'USAGE_DATA', 'LOCATION_DATA'],
suggestedLegalBasis: ['CONSENT'],
suggestedRetentionYears: 2,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['Google Analytics', 'Matomo', 'Plausible'],
commonVendorCategories: ['ANALYTICS'],
},
{
id: 'tpl-web-contact-form',
category: 'WEBSITE',
name: {
de: 'Kontaktformular',
en: 'Contact Form',
},
description: {
de: 'Verarbeitung von Anfragen über das Website-Kontaktformular',
en: 'Processing inquiries submitted via the website contact form',
},
purposes: [
{ de: 'Bearbeitung von Kontaktanfragen', en: 'Processing contact inquiries' },
{ de: 'Kommunikation mit Interessenten', en: 'Communication with prospects' },
],
dataSubjectCategories: ['PROSPECTIVE_CUSTOMERS', 'WEBSITE_USERS'],
personalDataCategories: ['NAME', 'CONTACT', 'COMMUNICATION_DATA'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['CRM', 'E-Mail-System'],
commonVendorCategories: ['CRM', 'EMAIL'],
},
{
id: 'tpl-web-user-accounts',
category: 'WEBSITE',
name: {
de: 'Benutzerkonten / Kundenportal',
en: 'User Accounts / Customer Portal',
},
description: {
de: 'Verwaltung von Benutzerkonten im Kundenportal oder Online-Shop',
en: 'Managing user accounts in customer portal or online shop',
},
purposes: [
{ de: 'Bereitstellung des Kundenportals', en: 'Providing customer portal' },
{ de: 'Benutzerverwaltung', en: 'User management' },
{ de: 'Personalisierung', en: 'Personalization' },
],
dataSubjectCategories: ['CUSTOMERS', 'APP_USERS'],
personalDataCategories: ['NAME', 'CONTACT', 'LOGIN_DATA', 'USAGE_DATA', 'CONTRACT_DATA'],
suggestedLegalBasis: ['CONTRACT'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['E-Commerce', 'CRM', 'Auth0'],
commonVendorCategories: ['HOSTING', 'CRM', 'SECURITY'],
},
{
id: 'tpl-web-cookies',
category: 'WEBSITE',
name: {
de: 'Cookie-Verwaltung',
en: 'Cookie Management',
},
description: {
de: 'Verwaltung von Cookies und Einholung von Cookie-Einwilligungen',
en: 'Managing cookies and obtaining cookie consents',
},
purposes: [
{ de: 'Speicherung von Cookie-Präferenzen', en: 'Storing cookie preferences' },
{ de: 'Einwilligungsmanagement', en: 'Consent management' },
],
dataSubjectCategories: ['WEBSITE_USERS'],
personalDataCategories: ['IP_ADDRESS', 'DEVICE_ID', 'USAGE_DATA'],
suggestedLegalBasis: ['CONSENT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['Cookiebot', 'Usercentrics', 'OneTrust'],
commonVendorCategories: ['ANALYTICS', 'SECURITY'],
},
]
export const GENERAL_TEMPLATES: ProcessingActivityTemplate[] = [
{
id: 'tpl-gen-communication',
category: 'GENERAL',
name: {
de: 'Geschäftliche Kommunikation',
en: 'Business Communication',
},
description: {
de: 'E-Mail-Kommunikation, Telefonie und Messaging im Geschäftsverkehr',
en: 'Email communication, telephony, and messaging in business operations',
},
purposes: [
{ de: 'Geschäftliche Kommunikation', en: 'Business communication' },
{ de: 'Dokumentation von Korrespondenz', en: 'Documentation of correspondence' },
],
dataSubjectCategories: ['CUSTOMERS', 'SUPPLIERS', 'BUSINESS_PARTNERS', 'EMPLOYEES'],
personalDataCategories: ['NAME', 'CONTACT', 'COMMUNICATION_DATA'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 6,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['Microsoft 365', 'Google Workspace', 'Slack'],
commonVendorCategories: ['EMAIL', 'COMMUNICATION', 'CLOUD_INFRASTRUCTURE'],
},
{
id: 'tpl-gen-visitor',
category: 'GENERAL',
name: {
de: 'Besucherverwaltung',
en: 'Visitor Management',
},
description: {
de: 'Erfassung und Verwaltung von Besuchern in Geschäftsräumen',
en: 'Recording and managing visitors in business premises',
},
purposes: [
{ de: 'Zutrittskontrolle', en: 'Access control' },
{ de: 'Sicherheit', en: 'Security' },
{ de: 'Nachvollziehbarkeit', en: 'Traceability' },
],
dataSubjectCategories: ['VISITORS'],
personalDataCategories: ['NAME', 'CONTACT', 'PHOTO_VIDEO'],
suggestedLegalBasis: ['LEGITIMATE_INTEREST'],
suggestedRetentionYears: 0.1,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['Besuchermanagement-System'],
commonVendorCategories: ['SECURITY'],
},
{
id: 'tpl-gen-supplier',
category: 'GENERAL',
name: {
de: 'Lieferantenverwaltung',
en: 'Supplier Management',
},
description: {
de: 'Verwaltung von Lieferantenbeziehungen und Beschaffung',
en: 'Managing supplier relationships and procurement',
},
purposes: [
{ de: 'Lieferantenverwaltung', en: 'Supplier management' },
{ de: 'Beschaffung', en: 'Procurement' },
{ de: 'Qualitätsmanagement', en: 'Quality management' },
],
dataSubjectCategories: ['SUPPLIERS', 'BUSINESS_PARTNERS'],
personalDataCategories: ['NAME', 'CONTACT', 'ADDRESS', 'CONTRACT_DATA', 'BANK_ACCOUNT'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 10,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['ERP', 'Lieferantenportal'],
commonVendorCategories: ['ERP'],
},
{
id: 'tpl-gen-whistleblower',
category: 'GENERAL',
name: {
de: 'Hinweisgebersystem',
en: 'Whistleblower System',
},
description: {
de: 'Entgegennahme und Bearbeitung von Hinweisen gemäß Hinweisgeberschutzgesetz',
en: 'Receiving and processing reports according to whistleblower protection law',
},
purposes: [
{ de: 'Entgegennahme von Hinweisen', en: 'Receiving reports' },
{ de: 'Untersuchung von Verstößen', en: 'Investigating violations' },
{ de: 'Schutz von Hinweisgebern', en: 'Protecting whistleblowers' },
],
dataSubjectCategories: ['EMPLOYEES', 'BUSINESS_PARTNERS'],
personalDataCategories: ['NAME', 'CONTACT', 'COMMUNICATION_DATA'],
suggestedLegalBasis: ['LEGAL_OBLIGATION'],
suggestedRetentionYears: 3,
suggestedProtectionLevel: 'HIGH',
dpiaLikely: true,
commonSystems: ['Hinweisgeberportal'],
commonVendorCategories: ['SECURITY', 'LEGAL'],
},
]
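Review bot: `tpl-it-video-surveillance` pre-selects `'BIOMETRIC_DATA'` in `personalDataCategories` while `suggestedLegalBasis` holds only `'LEGITIMATE_INTEREST'`. Biometric data processed to identify a person is a special category under Art. 9 GDPR, for which legitimate interest alone is not a sufficient basis, and the HR health template in this commit shows the catalog already has an Art. 9 basis type (`'ART9_EMPLOYMENT'`). Plain CCTV recording does not necessarily involve biometric processing, so the safer default is `personalDataCategories: ['PHOTO_VIDEO'],` with a comment that `'BIOMETRIC_DATA'` is to be added, together with a matching Art. 9 basis, only when face recognition or similar matching is actually in use.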


@@ -0,0 +1,137 @@
/**
* Processing Activities — Marketing & Finance Templates
*/
import { ProcessingActivityTemplate } from './types'
export const MARKETING_TEMPLATES: ProcessingActivityTemplate[] = [
{
id: 'tpl-marketing-newsletter',
category: 'MARKETING',
name: {
de: 'Newsletter-Versand',
en: 'Newsletter Distribution',
},
description: {
de: 'Versand von E-Mail-Newslettern und Marketing-Kommunikation',
en: 'Sending email newsletters and marketing communications',
},
purposes: [
{ de: 'Versand von Newsletter und Marketing-E-Mails', en: 'Sending newsletters and marketing emails' },
{ de: 'Messung von Öffnungs- und Klickraten', en: 'Measuring open and click rates' },
],
dataSubjectCategories: ['NEWSLETTER_SUBSCRIBERS', 'CUSTOMERS'],
personalDataCategories: ['NAME', 'CONTACT', 'USAGE_DATA'],
suggestedLegalBasis: ['CONSENT'],
suggestedRetentionYears: 0,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['Mailchimp', 'CleverReach', 'Sendinblue'],
commonVendorCategories: ['EMAIL', 'MARKETING'],
},
{
id: 'tpl-marketing-advertising',
category: 'MARKETING',
name: {
de: 'Online-Werbung',
en: 'Online Advertising',
},
description: {
de: 'Schaltung und Auswertung von Online-Werbeanzeigen',
en: 'Running and analyzing online advertisements',
},
purposes: [
{ de: 'Schaltung von Online-Werbung', en: 'Running online advertisements' },
{ de: 'Conversion-Tracking', en: 'Conversion tracking' },
{ de: 'Retargeting', en: 'Retargeting' },
],
dataSubjectCategories: ['WEBSITE_USERS'],
personalDataCategories: ['IP_ADDRESS', 'DEVICE_ID', 'USAGE_DATA'],
suggestedLegalBasis: ['CONSENT'],
suggestedRetentionYears: 1,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: true,
commonSystems: ['Google Ads', 'Meta Ads', 'LinkedIn Ads'],
commonVendorCategories: ['MARKETING', 'ANALYTICS'],
},
{
id: 'tpl-marketing-events',
category: 'MARKETING',
name: {
de: 'Veranstaltungsmanagement',
en: 'Event Management',
},
description: {
de: 'Organisation und Durchführung von Veranstaltungen, Messen und Webinaren',
en: 'Organizing and conducting events, trade shows, and webinars',
},
purposes: [
{ de: 'Teilnehmerregistrierung', en: 'Participant registration' },
{ de: 'Veranstaltungsdurchführung', en: 'Event execution' },
{ de: 'Nachbereitung und Follow-up', en: 'Follow-up activities' },
],
dataSubjectCategories: ['CUSTOMERS', 'PROSPECTIVE_CUSTOMERS', 'BUSINESS_PARTNERS'],
personalDataCategories: ['NAME', 'CONTACT', 'ADDRESS', 'PHOTO_VIDEO'],
suggestedLegalBasis: ['CONTRACT', 'CONSENT'],
suggestedRetentionYears: 2,
suggestedProtectionLevel: 'LOW',
dpiaLikely: false,
commonSystems: ['Eventbrite', 'GoToWebinar', 'Zoom'],
commonVendorCategories: ['MARKETING', 'COMMUNICATION'],
},
]
export const FINANCE_TEMPLATES: ProcessingActivityTemplate[] = [
{
id: 'tpl-finance-accounting',
category: 'FINANCE',
name: {
de: 'Finanzbuchhaltung',
en: 'Financial Accounting',
},
description: {
de: 'Führung der Finanzbuchhaltung, Rechnungsstellung und Zahlungsabwicklung',
en: 'Financial accounting, invoicing, and payment processing',
},
purposes: [
{ de: 'Buchführung und Rechnungswesen', en: 'Bookkeeping and accounting' },
{ de: 'Rechnungsstellung', en: 'Invoicing' },
{ de: 'Zahlungsabwicklung', en: 'Payment processing' },
],
dataSubjectCategories: ['CUSTOMERS', 'SUPPLIERS', 'BUSINESS_PARTNERS'],
personalDataCategories: [
'NAME', 'ADDRESS', 'BANK_ACCOUNT', 'PAYMENT_DATA', 'CONTRACT_DATA', 'TAX_ID',
],
suggestedLegalBasis: ['CONTRACT', 'LEGAL_OBLIGATION'],
suggestedRetentionYears: 10,
suggestedProtectionLevel: 'HIGH',
dpiaLikely: false,
commonSystems: ['DATEV', 'SAP', 'Lexware', 'Xero'],
commonVendorCategories: ['ACCOUNTING', 'ERP'],
},
{
id: 'tpl-finance-debt-collection',
category: 'FINANCE',
name: {
de: 'Forderungsmanagement',
en: 'Debt Collection',
},
description: {
de: 'Verwaltung offener Forderungen und Mahnwesen',
en: 'Managing outstanding receivables and dunning',
},
purposes: [
{ de: 'Überwachung offener Forderungen', en: 'Monitoring outstanding receivables' },
{ de: 'Mahnwesen', en: 'Dunning process' },
{ de: 'Inkasso bei Bedarf', en: 'Debt collection if necessary' },
],
dataSubjectCategories: ['CUSTOMERS'],
personalDataCategories: ['NAME', 'ADDRESS', 'CONTACT', 'PAYMENT_DATA', 'CONTRACT_DATA'],
suggestedLegalBasis: ['CONTRACT', 'LEGITIMATE_INTEREST'],
suggestedRetentionYears: 10,
suggestedProtectionLevel: 'MEDIUM',
dpiaLikely: false,
commonSystems: ['ERP', 'Inkasso-Software'],
commonVendorCategories: ['ACCOUNTING', 'LEGAL'],
},
]


@@ -0,0 +1,48 @@
/**
* Processing Activities Catalog — Shared Types & Metadata
*/
import {
DataSubjectCategory,
PersonalDataCategory,
LegalBasisType,
ProtectionLevel,
LocalizedText,
} from '../../types'
export interface ProcessingActivityTemplate {
id: string
category: ProcessingActivityCategory
name: LocalizedText
description: LocalizedText
purposes: LocalizedText[]
dataSubjectCategories: DataSubjectCategory[]
personalDataCategories: PersonalDataCategory[]
suggestedLegalBasis: LegalBasisType[]
suggestedRetentionYears: number
suggestedProtectionLevel: ProtectionLevel
dpiaLikely: boolean
commonSystems: string[]
commonVendorCategories: string[]
}
export type ProcessingActivityCategory =
| 'HR' // Human Resources
| 'SALES' // Vertrieb
| 'MARKETING' // Marketing
| 'FINANCE' // Finanzen
| 'IT' // IT & Sicherheit
| 'CUSTOMER_SERVICE' // Kundenservice
| 'WEBSITE' // Website & Apps
| 'GENERAL' // Allgemein
export const PROCESSING_ACTIVITY_CATEGORY_META: Record<ProcessingActivityCategory, LocalizedText> = {
HR: { de: 'Personal', en: 'Human Resources' },
SALES: { de: 'Vertrieb', en: 'Sales' },
MARKETING: { de: 'Marketing', en: 'Marketing' },
FINANCE: { de: 'Finanzen', en: 'Finance' },
IT: { de: 'IT & Sicherheit', en: 'IT & Security' },
CUSTOMER_SERVICE: { de: 'Kundenservice', en: 'Customer Service' },
WEBSITE: { de: 'Website & Apps', en: 'Website & Apps' },
GENERAL: { de: 'Allgemein', en: 'General' },
}