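"""Required documents per regulation and company type."""

from dataclasses import dataclass
from typing import Literal

# Closed value sets, previously documented only in trailing comments on the
# dataclass fields. As Literal aliases a static type checker can reject a
# misspelt severity or applicability tag. Nothing is enforced at runtime.
Severity = Literal["CRITICAL", "HIGH", "MEDIUM"]
AppliesTo = Literal["universal", "data_processor", "ai_user", "large_company"]


@dataclass
class RequiredDocument:
    """One document a company is expected to hold under a given regulation.

    Attributes:
        category: Short identifier of the document type (e.g. "VVT", "TOM").
        description: German text for the entry. Every entry in this file
            words it as the gap (document missing, incomplete or undefined),
            with umlauts transliterated to ASCII (ae/oe/ue).
        regulation: Legal basis cited for the requirement.
        severity: One of the ``Severity`` values.
        applies_to: One of the ``AppliesTo`` values, naming the company
            profile the requirement applies to.
    """

    category: str
    description: str
    regulation: str
    severity: Severity  # CRITICAL, HIGH, MEDIUM
    applies_to: AppliesTo  # universal, data_processor, ai_user, large_company


# NOTE(review): how consumers match `severity` / `applies_to` is not visible in
# this file. If they compare strings exactly, a typo in an entry would
# presumably drop or mis-rank a requirement without any error; confirm.
# No entry below currently uses the "large_company" tag.
COMPLIANCE_MATRIX: list[RequiredDocument] = [
    # Universal — every company
    RequiredDocument(
        category="VVT",
        description="Verzeichnis von Verarbeitungstaetigkeiten fehlt",
        regulation="Art. 30 DSGVO",
        severity="CRITICAL",
        applies_to="universal",
    ),
    RequiredDocument(
        category="TOM",
        description="Technisch-organisatorische Massnahmen nicht dokumentiert",
        regulation="Art. 32 DSGVO",
        severity="CRITICAL",
        applies_to="universal",
    ),
    RequiredDocument(
        category="DSE",
        description="Datenschutzerklaerung fehlt oder unvollstaendig",
        regulation="Art. 13/14 DSGVO",
        severity="CRITICAL",
        applies_to="universal",
    ),
    RequiredDocument(
        category="Loeschkonzept",
        description="Kein Loeschkonzept / keine Loeschfristen definiert",
        regulation="Art. 17 DSGVO / Art. 5 Abs. 1e DSGVO",
        severity="HIGH",
        applies_to="universal",
    ),
    RequiredDocument(
        category="Richtlinie",
        description="Interne Datenschutzrichtlinie fehlt",
        regulation="Art. 24 DSGVO",
        severity="MEDIUM",
        applies_to="universal",
    ),
    RequiredDocument(
        category="Schulungsnachweis",
        description="Keine Datenschutz-Schulungsnachweise vorhanden",
        regulation="Art. 39 Abs. 1b DSGVO",
        severity="MEDIUM",
        applies_to="universal",
    ),
    # Data processors
    # NOTE(review): Art. 28 covers the contract between a controller and its
    # processor. Confirm whether "data_processor" selects companies acting as
    # processors, companies that engage one, or both.
    RequiredDocument(
        category="AVV",
        description="Auftragsverarbeitungsvertrag fehlt",
        regulation="Art. 28 DSGVO",
        severity="CRITICAL",
        applies_to="data_processor",
    ),
    # AI users
    # NOTE(review): the regulation string cites "EU AI Act" without an
    # article; a precise reference would make the entry easier to audit.
    RequiredDocument(
        category="DSFA",
        description="Datenschutz-Folgenabschaetzung fuer KI-Systeme fehlt",
        regulation="Art. 35 DSGVO / EU AI Act",
        severity="HIGH",
        applies_to="ai_user",
    ),
]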