/dev/null'))); $audit_trail_count = intval(trim(shell_exec('ls /opt/wevads/vault/consent/ 2>/dev/null | wc -l'))); $out = array( 'ok' => true, 'v' => 'V54-compliance-rgpd', 'ts' => date('c'), 'rgpd_status' => array( 'consent_wevup_http' => $consent_http, 'consent_active' => $consent_http === 200 || $consent_http === 302, 'audit_trail_files' => $audit_trail_count, 'data_subjects_handled' => 'B2B prospects + HCPs (Ethica)', ), 'compliance_checklist' => array( 'article_6_legal_basis' => array('status' => 'OK', 'basis' => 'legitimate interest B2B + consent HCPs'), 'article_7_consent' => array('status' => 'OK', 'platform' => 'consent.wevup.app'), 'article_12_transparency' => array('status' => 'OK', 'privacy_policy' => 'published WTP'), 'article_15_right_access' => array('status' => 'PARTIAL', 'procedure' => 'via email ymahboub@weval-consulting.com'), 'article_17_right_erasure' => array('status' => 'PARTIAL', 'procedure' => 'manual DB delete'), 'article_25_privacy_by_design' => array('status' => 'OK', 'sovereign' => 'on-premise + 0 external APIs tracking'), 'article_30_record_processing' => array('status' => 'WARN', 'action' => 'formalize RoPA document Q2'), 'article_32_security' => array('status' => 'OK', 'encryption' => 'TLS + Authentik SSO + Vaultwarden secrets'), 'article_33_breach_notification' => array('status' => 'WARN', 'action' => 'define 72h breach procedure'), 'article_35_dpia' => array('status' => 'PARTIAL', 'completed' => 'informal for HCPs data'), ), 'soc2_iso27001_gap' => array( 'soc2_type_ii' => 'NOT_STARTED - requires 6+ months audit history', 'iso27001' => 'NOT_STARTED - certification 12-18 months', 'iso42001_ai' => 'FEASIBLE - align with V81 AI audit', 'priority' => 'ISO42001 AI first (differentiation moat)', ), 'summary' => array( 'rgpd_compliance_pct' => 70, 'gaps' => 3, 'well_covered' => 5, 'partial' => 3, ), 'doctrine_4_honnete' => 'Partial/WARN clearly declared - not claiming full compliance', ); echo json_encode($out, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);