Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
breakpilot-compliance/document-crawler/gap_analysis/compliance_matrix.py
Benjamin Boenisch 364d2c69ff feat: Add Document Crawler & Auto-Onboarding service (Phase 1.4) 
New standalone Python/FastAPI service for automatic compliance document
scanning, LLM-based classification, IPFS archival, and gap analysis.
Includes extractors (PDF, DOCX, XLSX, PPTX), keyword fallback classifier,
compliance matrix, and full REST API on port 8098.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 20:35:15 +01:00

76 lines
2.2 KiB
Python
Raw Permalink Blame History

"""Required documents per regulation and company type."""
from dataclasses import dataclass
@dataclass
class RequiredDocument:
category: str
description: str
regulation: str
severity: str # CRITICAL, HIGH, MEDIUM
applies_to: str # universal, data_processor, ai_user, large_company
COMPLIANCE_MATRIX: list[RequiredDocument] = [
# Universal — every company
RequiredDocument(
category="VVT",
description="Verzeichnis von Verarbeitungstaetigkeiten fehlt",
regulation="Art. 30 DSGVO",
severity="CRITICAL",
applies_to="universal",
),
RequiredDocument(
category="TOM",
description="Technisch-organisatorische Massnahmen nicht dokumentiert",
regulation="Art. 32 DSGVO",
severity="CRITICAL",
applies_to="universal",
),
RequiredDocument(
category="DSE",
description="Datenschutzerklaerung fehlt oder unvollstaendig",
regulation="Art. 13/14 DSGVO",
severity="CRITICAL",
applies_to="universal",
),
RequiredDocument(
category="Loeschkonzept",
description="Kein Loeschkonzept / keine Loeschfristen definiert",
regulation="Art. 17 DSGVO / Art. 5 Abs. 1e DSGVO",
severity="HIGH",
applies_to="universal",
),
RequiredDocument(
category="Richtlinie",
description="Interne Datenschutzrichtlinie fehlt",
regulation="Art. 24 DSGVO",
severity="MEDIUM",
applies_to="universal",
),
RequiredDocument(
category="Schulungsnachweis",
description="Keine Datenschutz-Schulungsnachweise vorhanden",
regulation="Art. 39 Abs. 1b DSGVO",
severity="MEDIUM",
applies_to="universal",
),
# Data processors
RequiredDocument(
category="AVV",
description="Auftragsverarbeitungsvertrag fehlt",
regulation="Art. 28 DSGVO",
severity="CRITICAL",
applies_to="data_processor",
),
# AI users
RequiredDocument(
category="DSFA",
description="Datenschutz-Folgenabschaetzung fuer KI-Systeme fehlt",
regulation="Art. 35 DSGVO / EU AI Act",
severity="HIGH",
applies_to="ai_user",
),
]
Reference in New Issue View Git Blame Copy Permalink