Why
Self-hosted and EU-relevant: GDPR Article 33 mandates breach notification to the supervisory authority within 72 hours, and all breaches must be documented regardless of whether notification is required. Fines reach 10M EUR or 2% of revenue. A built-in workflow plus exposure register is a strong differentiator for the self-hosted EU segment.
Scope
- Exposure register: append-only record of confirmed exposures with affected employees, data categories, detection time, and assessment.
- 72h notification helper: countdown from detection, status (assessing / notified / not-required-documented), and an exportable evidence pack (PDF/CSV).
- Map exposed data types to GDPR data categories (reuse reports/data-types).
Hooks
src/lib/reports/compliance.ts, src/lib/reports/data-types.ts, new register model.
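A sketch of the register and 72h helper scoped above, added here as an example and not the project's code; ExposureEntry, ExposureRegister, countdown and all field names are assumptions. The CSV export also quotes cells and neutralises leading formula characters, since employee or assessment text ends up in a file that is opened in spreadsheet tools.

```typescript
// Added sketch; every name here is hypothetical, not the project's model.
type Status = "assessing" | "notified" | "not-required-documented";

interface ExposureEntry {
  exposureId: string;
  recordedAt: string;          // ISO 8601 UTC, when this entry was written
  detectedAt: string;          // ISO 8601 UTC, starts the 72h clock
  status: Status;
  affectedEmployees: string[];
  dataCategories: string[];    // GDPR data categories
  assessment: string;
}

const WINDOW_MS = 72 * 60 * 60 * 1000;

class ExposureRegister {
  private entries: ExposureEntry[] = [];

  // Append-only: a status change is a new entry; nothing is edited or removed.
  append(entry: ExposureEntry): void {
    const prev = this.latest(entry.exposureId);
    if (prev && prev.detectedAt !== entry.detectedAt) throw new Error("detectedAt cannot change");
    if (prev && prev.status !== "assessing") throw new Error("exposure already closed");
    this.entries.push(Object.freeze({ ...entry }));
  }

  latest(exposureId: string): ExposureEntry | undefined {
    let found: ExposureEntry | undefined;
    for (const e of this.entries) if (e.exposureId === exposureId) found = e;
    return found;
  }

  // CSV for the evidence pack: quote every cell and prefix a leading
  // = + - @ with an apostrophe so the cell is treated as text, not a formula.
  toCsv(): string {
    const cell = (v: string): string =>
      '"' + (/^[=+\-@]/.test(v) ? "'" + v : v).replace(/"/g, '""') + '"';
    const rows = this.entries.map(e => [e.exposureId, e.recordedAt, e.detectedAt,
      e.status, e.affectedEmployees.join(";"), e.dataCategories.join(";"), e.assessment]);
    return rows.map(r => r.map(cell).join(",")).join("\n");
  }
}

// Hours left until detection + 72h; overdue only while still "assessing".
function countdown(entry: ExposureEntry, now: Date): { hoursLeft: number; overdue: boolean } {
  const hoursLeft = (Date.parse(entry.detectedAt) + WINDOW_MS - now.getTime()) / 3600000;
  return { hoursLeft, overdue: entry.status === "assessing" && hoursLeft < 0 };
}
```
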