Update app.py

app.py

@@ -15,8 +15,19 @@ def prompt_based_analysis(question, context):
     except Exception as e:
         return f"Error analyzing data: {str(e)}"
 
-# Function to analyze audit data for GDPR compliance using prompts
+# Function to analyze audit data for GDPR compliance using the GDPR framework
 def analyze_gdpr_compliance(audit_data):
+    # GDPR Principles
+    principles = {
+        "Lawfulness, Fairness, and Transparency": "Ensure that data processing is done lawfully, fairly, and in a transparent manner.",
+        "Purpose Limitation": "Ensure that data collected is for specified, explicit, and legitimate purposes.",
+        "Data Minimization": "Ensure that data collected is adequate, relevant, and limited to what is necessary.",
+        "Accuracy": "Ensure that personal data is accurate and up to date.",
+        "Storage Limitation": "Ensure that personal data is kept no longer than necessary.",
+        "Integrity and Confidentiality": "Ensure that personal data is processed securely to prevent unauthorized access, loss, or destruction."
+    }
+
+    # Prompt context from audit data
     system_info_context = f"OS Version: {audit_data.get('os_version', 'Unknown')}, Architecture: {audit_data.get('architecture', 'Unknown')}, Memory: {audit_data.get('memory', 'Unknown')}"
     disk_usage_context = f"Disk Usage: {audit_data.get('disk_usage', {}).get('usage_percent', 'Unknown')}%"
     network_info_context = f"Interfaces: {', '.join(audit_data.get('network_info', {}).get('interfaces', []))}"
@@ -24,14 +35,26 @@ def analyze_gdpr_compliance(audit_data):
     processes_context = f"Running Processes: {', '.join(audit_data.get('running_processes', []))}"
     software_inventory_context = f"Software Installed: {', '.join(audit_data.get('software_inventory', []))}"
 
-    # Prompts for each section
-    system_info_analysis = prompt_based_analysis("Evaluate the system information for GDPR compliance. Highlight any potential risks related to OS version, architecture, and memory.", system_info_context)
-    disk_usage_analysis = prompt_based_analysis("Evaluate the disk usage in terms of GDPR compliance. Discuss data storage practices, retention policies, and any storage-related risks.", disk_usage_context)
-    network_info_analysis = prompt_based_analysis("Evaluate the network interfaces in terms of GDPR compliance. Focus on potential risks related to network security and data transmission.", network_info_context)
-    security_measures_analysis = prompt_based_analysis("Assess the security measures for GDPR compliance, particularly encryption and data anonymization. Identify any weaknesses or gaps in data protection.", security_measures_context)
-    processes_analysis = prompt_based_analysis("Analyze the running processes for GDPR compliance. Identify potential vulnerabilities and risks related to the execution of unauthorized processes.", processes_context)
-    software_inventory_analysis = prompt_based_analysis("Evaluate the installed software for GDPR compliance. Highlight any outdated or vulnerable software that could pose risks.", software_inventory_context)
-    
+    # Prompts for GDPR principles applied to sections
+    system_info_analysis = prompt_based_analysis(
+        f"Evaluate the system information in terms of GDPR compliance focusing on {principles['Lawfulness, Fairness, and Transparency']} and {principles['Purpose Limitation']}.", system_info_context
+    )
+    disk_usage_analysis = prompt_based_analysis(
+        f"Evaluate the disk usage under the {principles['Storage Limitation']} principle and ensure compliance.", disk_usage_context
+    )
+    network_info_analysis = prompt_based_analysis(
+        f"Evaluate the network interfaces with respect to {principles['Integrity and Confidentiality']}, identifying any potential security risks.", network_info_context
+    )
+    security_measures_analysis = prompt_based_analysis(
+        f"Analyze the encryption and anonymization methods under the {principles['Integrity and Confidentiality']} principle, identifying any weaknesses.", security_measures_context
+    )
+    processes_analysis = prompt_based_analysis(
+        f"Evaluate the running processes for GDPR compliance under {principles['Lawfulness, Fairness, and Transparency']}, focusing on unauthorized or risky processes.", processes_context
+    )
+    software_inventory_analysis = prompt_based_analysis(
+        f"Assess the installed software for GDPR compliance focusing on {principles['Accuracy']} and {principles['Integrity and Confidentiality']}.", software_inventory_context
+    )
+
     # Findings organized by section
     findings = {
         "system_info": system_info_analysis,
@@ -42,26 +65,26 @@ def analyze_gdpr_compliance(audit_data):
         "software_inventory": software_inventory_analysis,
     }
     
-    # Recommendations based on the findings
+    # Detailed Recommendations based on the findings
     recommendations = []
     if "Unknown" in system_info_context:
-        recommendations.append("Review System Information: Ensure that the OS, architecture, and memory configurations are well documented and up to date.")
+        recommendations.append("Review System Information: Ensure that the OS, architecture, and memory configurations are well documented and up to date in accordance with GDPR transparency requirements.")
     
     if 'not encrypted' in security_measures_analysis.lower() or 'no encryption' in security_measures_analysis.lower():
-        recommendations.append("Implement Encryption: Ensure that both stored and transmitted data are encrypted.")
+        recommendations.append("Implement Encryption: Ensure that both stored and transmitted data are encrypted to meet GDPR security requirements.")
     
     if 'not anonymized' in security_measures_analysis.lower():
-        recommendations.append("Implement Data Anonymization: Ensure that sensitive data is anonymized during storage.")
+        recommendations.append("Implement Data Anonymization: Ensure that sensitive data is anonymized during storage to comply with GDPR's confidentiality principle.")
     
     if 'outdated' in software_inventory_analysis.lower() or 'vulnerable' in software_inventory_analysis.lower():
-        recommendations.append("Update Software: Ensure that all installed software is up to date and free from known vulnerabilities.")
-    
+        recommendations.append("Update Software: Ensure that all installed software is up to date and free from known vulnerabilities to maintain the integrity and confidentiality of personal data.")
+
     if 'vulnerable processes' in processes_analysis.lower() or 'unauthorized processes' in processes_analysis.lower():
-        recommendations.append("Review Running Processes: Regularly audit running processes and ensure that no unauthorized or vulnerable processes are running.")
+        recommendations.append("Review Running Processes: Regularly audit running processes and ensure that no unauthorized or risky processes are running to maintain GDPR compliance.")
     
     return findings, recommendations
 
-# Generate GDPR Compliance Report with advanced prompts for each section
+# Generate GDPR Compliance Report with advanced prompts for each section using the GDPR framework
 def generate_gdpr_report(audit_data, company_name="Company Name", system_name="System Name"):
     findings, recommendations = analyze_gdpr_compliance(audit_data)
     
@@ -76,7 +99,7 @@ def generate_gdpr_report(audit_data, company_name="Company Name", system_name="S
     Executive Summary:
     This report evaluates the compliance of {company_name} with the General Data Protection Regulation (GDPR).
     Based on the system audit and analysis of data handling processes, this report provides findings, identifies compliance gaps,
-    and suggests recommendations to enhance GDPR adherence.
+    and suggests recommendations to enhance GDPR adherence based on the key principles of GDPR, such as Lawfulness, Fairness, Transparency, Purpose Limitation, Data Minimization, Accuracy, Storage Limitation, and Integrity & Confidentiality.
     
     Key Findings:
     
@@ -142,7 +165,7 @@ def analyze_csv_file(file_obj):
 # Gradio Interface
 with gr.Blocks() as demo:
     with gr.Column():
-        gr.Markdown("# GDPR and PCI Compliance Evaluation\n### Upload Audit Data in CSV Format")
+        gr.Markdown("# GDPR Compliance Evaluation\n### Upload Audit Data in CSV Format")
         csv_file = gr.File(label="Upload CSV file")
         
         gdpr_compliance = gr.Textbox(lines=10, placeholder="GDPR Compliance Analysis...", label="GDPR Compliance Analysis")