2 posts tagged with "compliance"

v1.2.0 — Phase 5: DSAR Extended Workflows & Break-Glass

What's new in v1.2.0

Break-Glass Access

Club admins can now manage CANNEVO support access grants from a dedicated Break-Glass page:

  • Approve or revoke support access grants
  • Real-time expiry countdown (max 2-hour duration)
  • Full audit trail of all break-glass sessions
  • Accessible at Compliance → Break-Glass

DSAR Extended Workflows

The DSAR module has been significantly extended:

  • Access Package — generate a GDPR Art. 15 data export for a member
  • Erasure Check — verify what can be deleted vs. what must legally be retained (§26 KCanG retention)
  • Portability Export — generate a machine-readable export (Art. 20 GDPR)
  • 60-day Extension — request a deadline extension with mandatory justification
  • Legal Hold Flag — mark a DSAR as legally sensitive so that it is flagged for review

DPA Configuration

A new Config page shows the club's Data Processing Agreement (DPA) status. If the DPA has not yet been accepted, a one-click acceptance button is shown — the acceptance is recorded immutably.

Fixes

  • Fixed DSAR deadline calculation not accounting for weekends in some timezones
  • Fixed break-glass grants incorrectly allowing a second active grant to be created
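
An added example, not CANNEVO's code, of the rules these notes state for break-glass grants: the 2-hour cap, one active grant at a time, and an audit entry for every decision. The class, method and event names are assumptions, and the in-memory store stands in for a database where the single-active rule would be a uniqueness constraint.

```python
from datetime import datetime, timedelta, timezone

MAX_DURATION = timedelta(hours=2)  # cap stated in the release notes

class GrantError(Exception):
    """Raised when a break-glass request violates a rule."""

class BreakGlassRegistry:
    # Hypothetical in-memory model; names are illustrative, not CANNEVO's API.
    def __init__(self):
        self.grants = {}  # club_id -> list of grant dicts
        self.audit = []   # append-only: (time, club_id, event, actor)

    def _log(self, now, club_id, event, actor):
        self.audit.append((now, club_id, event, actor))

    def active_grant(self, club_id, now):
        # Expiry is evaluated at check time, so a stale grant never counts.
        for g in self.grants.get(club_id, []):
            if g["revoked_at"] is None and now < g["expires_at"]:
                return g
        return None

    def approve(self, club_id, admin, duration, now):
        if not timedelta(0) < duration <= MAX_DURATION:
            self._log(now, club_id, "rejected_duration", admin)
            raise GrantError("duration must be above 0 and at most 2 hours")
        if self.active_grant(club_id, now) is not None:
            self._log(now, club_id, "rejected_duplicate", admin)
            raise GrantError("an active grant already exists")
        grant = {"approved_by": admin, "expires_at": now + duration, "revoked_at": None}
        self.grants.setdefault(club_id, []).append(grant)
        self._log(now, club_id, "approved", admin)
        return grant

    def revoke(self, club_id, admin, now):
        grant = self.active_grant(club_id, now)
        if grant is None:
            raise GrantError("no active grant to revoke")
        grant["revoked_at"] = now
        self._log(now, club_id, "revoked", admin)

    def remaining(self, club_id, now):
        # Value behind an expiry countdown; zero when nothing is active.
        grant = self.active_grant(club_id, now)
        return grant["expires_at"] - now if grant else timedelta(0)

if __name__ == "__main__":
    t0 = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed sample time
    reg = BreakGlassRegistry()
    reg.approve("club-1", "admin-a", timedelta(hours=2), t0)
    print(reg.remaining("club-1", t0 + timedelta(minutes=90)))
```

Rejected requests are logged as well as approved ones, so the audit trail shows attempts to exceed the cap or stack grants.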

v1.1.0 — Phase 4: Audit Trails & Breach Management

What's new in v1.1.0

Audit Log

Every data-changing action in the Admin Portal is now recorded in an immutable audit log.

  • Role-filtered views (compliance officers see all events; lower roles see their own)
  • Filter by date range, table, event type, and actor
  • Expandable before/after state for each event
  • 12 tables covered, including members, roles, dispensing events, and compliance records

Breach Incident Management

New Breach Incidents module for managing GDPR data breaches:

  • Dual-clock tracking: T+8h internal alert and T+72h authority notification deadline
  • Status workflow: discovered → assessing → notified_authority → notified_individuals → closed
  • Automatic escalation alerts as deadlines approach
  • Structured evidence capture for regulatory submissions

DSAR Management

Initial DSAR module for handling Data Subject Access Requests:

  • Register access, erasure, portability, and restriction requests
  • Automatic 30-day response deadline
  • Status workflow: pending → in_progress → completed / rejected
  • Members with open DSARs excluded from retention archival

Compliance Dashboard (9 panels)

The Compliance Dashboard now shows 9 real-time panels covering all major compliance areas, plus a green/yellow/red overall status indicator.

Fixes

  • Fixed an issue where the 500-member cap check was not enforced for concurrent registrations
  • Improved error messaging on role change approval failures