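#!/bin/bash
# Writes the static GDPR Article 30 Record of Processing Activities (RoPA)
# template as JSON to $OUT, then tries to hand the file to the web server user.
#
# Outputs: "RoPA template generated" on stdout once the file has been written.
# Returns: 0 on success, 1 if the template could not be written.
#
# NOTE(review): $OUT sits under /var/www/html/api, which looks like a
# web-served directory. The record names the controller contact, the security
# tooling in use and the breach-response steps, so confirm the endpoint is
# access-controlled, or generate the file outside the web root.
# NOTE(review): RoPA_001 declares "none" for third-country transfers while
# describing EU/MA hosting; confirm with the DPO whether hosting in Morocco
# has to be recorded as a transfer.

OUT=/var/www/html/api/compliance-ropa-template.json

# Print a message on stderr and stop with a failure status.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# The quoted delimiter ('EOJ') keeps the body literal: no variable or command
# expansion happens inside the JSON. A failed write (missing directory, no
# permission, full disk) now aborts instead of being reported as success.
cat > "$OUT" << 'EOJ' || die "could not write $OUT"
{
  "document": "Record of Processing Activities (RoPA) - GDPR Article 30",
  "v": "V61_AUTO_GENERATED_TEMPLATE",
  "ts_generated": "AUTO",
  "controller": {
    "name": "WEVAL Consulting",
    "founder": "Yacine Mahboub",
    "dpo": "Yacine Mahboub (acting - to be formalized)",
    "address": "Casablanca, Morocco / Paris, France",
    "email": "ymahboub@weval-consulting.com"
  },
  "processing_activities": [
    {
      "id": "RoPA_001",
      "purpose": "B2B lead generation (prospects commerciaux)",
      "legal_basis": "Art. 6(1)(f) Legitimate Interest",
      "data_subjects": "Business contacts (named contacts at prospect companies)",
      "data_categories": ["name", "business_email", "job_title", "company"],
      "recipients": "internal sales team WEVAL",
      "third_country_transfers": "none - sovereign EU/MA hosting",
      "retention": "5 years after last contact OR opt-out",
      "security_measures": "TLS, Authentik SSO, Vaultwarden secrets, encrypted DB"
    },
    {
      "id": "RoPA_002",
      "purpose": "HCP communications (Ethica client)",
      "legal_basis": "Art. 6(1)(a) Consent via consent.wevup.app",
      "data_subjects": "Healthcare Professionals (Maghreb)",
      "data_categories": ["name", "specialty", "email", "consent_status"],
      "recipients": "Ethica Group (data controller)",
      "third_country_transfers": "none",
      "retention": "until consent withdrawn",
      "security_measures": "same as RoPA_001 + consent audit trail"
    },
    {
      "id": "RoPA_003",
      "purpose": "Employee/founder data",
      "legal_basis": "Art. 6(1)(b) Contract performance",
      "data_subjects": "Founder Yacine",
      "data_categories": ["identity", "contact", "financial"],
      "retention": "10 years (tax law)",
      "security_measures": "same as RoPA_001"
    }
  ],
  "breach_procedure_72h": {
    "step_1_detect": "monitoring alerts + SSO logs + Cloudflare WAF",
    "step_2_assess": "scope + risk level + affected subjects",
    "step_3_contain": "isolate + rotate keys + document",
    "step_4_notify_cnil": "if high risk: within 72h via declaration.cnil.fr",
    "step_5_notify_subjects": "if high risk: direct comms",
    "step_6_document": "full post-mortem + lessons learned"
  },
  "dpia_summary": {
    "high_risk_processing": "HCP data (Ethica) - health sector sensitive",
    "systematic_assessment": "done via consent + retention + minimization",
    "balancing_test": "legitimate interest B2B < subject rights (opt-out always respected)"
  },
  "status": "AUTO_TEMPLATE - Yacine reviews + signs + uploads to CNIL declarations",
  "next_step_owner": "Yacine review + sign within Q2 2026"
}
EOJ

# Ownership change stays best-effort (it fails when not run as root), but the
# failure is now reported instead of being hidden.
chown www-data:www-data -- "$OUT" 2>/dev/null \
  || printf 'WARNING: could not chown %s to www-data\n' "$OUT" >&2

echo "RoPA template generated"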