Update app.js

app.js

@@ -58,7 +58,7 @@ const STEPS = [
       {
         k: "1e",
         label:
-          "Consult health trusts DPO, retain written rationale.",
+          "Consult health trusts data protection officer, retain written rationale.",
         req: true,
         showFor: ["research", "quality", "statistics", "innovation"],
         refs: [
@@ -130,7 +130,7 @@ const STEPS = [
     items: [
       {
         k: "3a",
-        label: "REK approval or exemption before research access/use.",
+        label: "Regional committees for medical and health research ethics (REK) approval or exemption before research access/use.",
         req: true,
         showFor: ["research"],
         refs: [
@@ -173,7 +173,7 @@ const STEPS = [
       {
         k: "4a",
         label:
-          "Obtain DUA/DSA (or equivalent) with data provider: scope, purpose, duration, security, confidentiality, post-hoc control, return/destruction.",
+          "Obtain data user or data sharing agreement (DUA/DSA or equivalent) with data provider: scope, purpose, duration, security, confidentiality, post-hoc control, return/destruction.",
         req: true,
         refs: [
         { title: "HPA §21 (confidentiality)", url: "https://lovdata.no/lov/1999-07-02-64/%C2%A721" },
@@ -205,7 +205,7 @@ const STEPS = [
       {
         k: "4d",
         label:
-          "Use SPE/SAE (e.g., TSD/HUNT Cloud/SAFE). Transfers via secure channels (logging, access control, encryption).",
+          "Use Secure Processing or Secure Analysis Environment(SPE/SAE) (e.g., TSD/HUNT Cloud/SAFE). Transfers via secure channels (logging, access control, encryption).",
         req: true,
         refs: [
           { title: "GDPR Art. 32", url: "https://gdpr-info.eu/art-32-gdpr/" },
@@ -260,13 +260,13 @@ const STEPS = [
       {
         k: "4g",
         label:
-          "Agreement aligns with SPE/Secure Processing Environment checklists.",
+          "Agreement aligns with SPE checklists.",
         req: true,
       },
       {
         k: "4h",
         label:
-          "EHDS alignment for cross-border/secondary use (permit; SPE; permitted purposes).",
+          "European health data space (EHDS) alignment for cross-border/secondary use (permit; SPE; permitted purposes).",
         req: false,
         refs: [
           { title: "EHDS Art. 68 (permit); Arts. 73/75 (SPE); Art. 53 (purposes)", url: "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202500327" }
@@ -289,7 +289,7 @@ const STEPS = [
       {
         k: "5b",
         label:
-          "Encrypted storage in transit/at rest, RBAC, MFA, network segregation, key mgmt, logging with risk-based review.",
+          "Encrypted storage in transit/at rest, Role-Based access control, multi-factor authentication, network segregation, key mgmt, logging with risk-based review.",
         req: true,
         refs: [
           { title: "GDPR Art. 32", url: "https://gdpr-info.eu/art-32-gdpr/" },
@@ -306,14 +306,14 @@ const STEPS = [
       {
         k: "5d",
         label:
-          "DPIA done before analysis (large-scale health/innovative AI/vulnerable groups) or rationale recorded.",
+          "Data Protection Impact Assessment (DPIA) done before analysis (large-scale health/innovative AI/vulnerable groups) or rationale recorded.",
         req: true,
         refs: [{ title: "GDPR Art. 35", url: "https://gdpr-info.eu/art-35-gdpr/" }],
       },
       {
         k: "5e",
         label:
-          "Consult DPO as required; record advice and implement recommendations.",
+          "Consult Data Protection Officer (DPO) as required; record advice and implement recommendations.",
         req: false,
         refs: [{ title: "GDPR Arts. 37–39", url: "https://gdpr-info.eu/chapter-4/" }],
       },
@@ -331,7 +331,7 @@ const STEPS = [
       {
         k: "5g",
         label:
-          "Transfers outside EEA: lawful mechanism (adequacy/SCCs/derogations); TIA documented; approvals/logs kept.",
+          "Transfers outside EEA: lawful mechanism (adequacy/Standard Contractual Clauses/derogations); Transfer Impact Assessment (TIA) documented; approvals/logs kept.",
         req: true,
         refs: [
           { title: "GDPR Arts. 44–46", url: "https://gdpr-info.eu/chapter-5/" },
@@ -348,7 +348,7 @@ const STEPS = [
       {
         k: "5i",
         label:
-          "Data breach: notify DPA within 72h where required; assess duty to inform subjects.",
+          "Data breach: notify national data protection authority (Datatilsynet) within 72h where required; assess duty to inform subjects.",
         req: true,
         refs: [{ title: "GDPR Arts. 33–34", url: "https://gdpr-info.eu/art-33-gdpr/" }],
       },
@@ -536,7 +536,7 @@ const STEPS = [
       {
         k: "7g",
         label:
-          "If developing an AI model: verify permission & GDPR legal basis; remove personal data or ensure vetted/validated use; respect IP/licensing & REK terms.",
+          "If developing an AI model: verify permission & GDPR legal basis; remove personal data or ensure vetted/validated use; respect intelectual propety/licensing & REK terms.",
         req: true,
         showFor: ["research", "quality","innovation"],
         refs: [
@@ -547,7 +547,7 @@ const STEPS = [
       {
         k: "7h",
         label:
-          "If deploying on EU market: conformity/CE/registration in EU AI database where required.",
+          "If deploying on EU market: conformity/CE marking/registration in EU AI database where required.",
         req: false,
         showFor: ["research", "quality","innovation"],
         refs: [{ title: "AI Act Arts. 30 & 43", url: "https://ai-act-law.eu/article/30/" }],