compliance_report() takes the findings returned by detect_pii() and produces a structured risk summary — including applicable regulations, GDPR data categories, and an overall risk level. Everything runs locally; no data is sent to any server.
Generating a report
from flexorch_audit import detect_pii, compliance_report
text = """
Müşteri: Ayşe Kaya
T.C. Kimlik: 12345678901
E-posta: ayse.kaya@sirket.com
IBAN: TR33 0006 1005 1978 6457 8413 26
"""
findings = detect_pii(text)
report = compliance_report(findings)
print(report)
# {
# "risk_level": "high",
# "applicable_regulations": ["KVKK", "GDPR"],
# "gdpr_categories": ["identification", "financial"],
# "detected_countries": ["TR"],
# "pii_type_counts": {
# "national_id_tr": 1,
# "email": 1,
# "iban_tr": 1
# }
# }
Risk levels
compliance_report() assigns one of four risk levels based on the types and quantity of PII detected.
| Level | When it applies |
|---|
none | No PII was detected in the text |
low | Only low-sensitivity types such as email addresses or phone numbers |
medium | Financial or contact data is present |
high | National IDs, health data, biometric data, or 3 or more PII types detected |
A high risk level means the document contains data that is subject to strict handling requirements under KVKK and GDPR. Review your retention and access policies before storing or sharing this content.
GDPR categories
compliance_report() maps each detected PII type to the relevant GDPR Article 4 personal data category or Article 9 special category.
| Category | Examples |
|---|
identification | National IDs, passport numbers |
financial | IBAN, credit card numbers, tax IDs |
contact | Email addresses, phone numbers |
biometric | Biometric identifiers (when detected) |
health | Health-related data (when detected) |
If you use the FlexOrch platform, you get the full GDPR Article 30 Record of Processing Activities (ROPA) and NIS2 audit export via the API — including historical records, controller details, and purpose-of-processing fields. See GDPR Article 30 and NIS2 Audit Export. 
