For more information visit https://brightpay.co.uk
All organisations, regardless of size, will have had to introduce or update existing policies regarding personal data in order to comply with the new regulations.
This webinar will look at the GDPR, how it may affect your business and what we have learned from the GDPR 5 months on. We will also have a look at how BrightPay can help your organisation utilise the new regulations for the benefit of you, your customers and youremployees.
Essentially, GDPR is an overhaul of the way we process, manage and store individual’s personal data, and that includes your employee’s personal payroll and HR information. We will take you through the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligations with regards to payroll, HR and Employment law.
The webinar will include a demonstration of how our BrightPay Connect add-on can help you work towards GDPR compliance by offering remote online access to accountants, employers and employees. We will take a brief look at our Bright Contracts software, which as well as providing the user with the facility to create and customise Contracts of Employment and Company Handbooks, now has a new feature which enables the user to create an Employee Privacy Policy which is a requirement under GDPR.
We will also unveil our new timesheet rapid input feature. Our exciting new timesheet feature directly connects to the BrightPay payroll and allows clients to import timesheet hours from a CSV or directly input hours for each employee on the BrightPay connect employer dashboard. For accountants and payroll bureaus, clients can easily use the timesheet upload for rapid input of employee’s hours eliminating possible errors. The timesheet feature also allows bureaus to easily run the payroll before sending it back to your payroll client for final approval and validation.
GDPR and evolving international privacy regulationsUlf Mattsson
Convergence of data privacy principles, standards and regulations
General Data Protection Regulation (GDPR)
GDPR and California Consumer Privacy Act (CCPA)
What role does technologies play in compliance
Use Cases
GDPR and personal data protection in EU research projectsLorenzo Mannella
This 20-minute presentation provides participants with a case study on data protection issues exposed by research partners awarded with a fictional Horizon 2020/Horizon Europe grant. Participants will follow the work of data controller and processors, committed to handle and store personal data of EU and Non-EU citizens for research purposes.
Participants will be engaged to evaluate the compliance of research activities with the General Data Protection Regulation (GDPR), which defines principles relating to processing of personal data, the lawfulness of such processing and modalities to ensure transparent information, communication and rights of the data subjects.
Rules and best practices in data processing are part of the essential toolbox for Research Managers and Administrators, answering the growing call of GDPR compliance along with Data Protection Officers. Beyond the understanding of accountability, privacy by design and by default principles, professionals are testing themselves with the constant update of data protection guidelines from the European Data Protection Board.
This session is targeted to an audience of intermediate level, aware of the topic of data protection/GDPR and willing to engage with other professionals on a case study analysis. The session will benefit from a short Q&A and a follow-up survey to gather best practices in data management put in place by participants in their day-to-day work.
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs.
Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data.
Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles.
The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally.
Join this webinar to learn more about:
- Trends in modern privacy regulations
- The impact on organizations to protect and use sensitive data
- Data privacy principles
- The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU
- The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations
- Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle
For more information visit https://brightpay.co.uk
All organisations, regardless of size, will have had to introduce or update existing policies regarding personal data in order to comply with the new regulations.
This webinar will look at the GDPR, how it may affect your business and what we have learned from the GDPR 5 months on. We will also have a look at how BrightPay can help your organisation utilise the new regulations for the benefit of you, your customers and youremployees.
Essentially, GDPR is an overhaul of the way we process, manage and store individual’s personal data, and that includes your employee’s personal payroll and HR information. We will take you through the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligations with regards to payroll, HR and Employment law.
The webinar will include a demonstration of how our BrightPay Connect add-on can help you work towards GDPR compliance by offering remote online access to accountants, employers and employees. We will take a brief look at our Bright Contracts software, which as well as providing the user with the facility to create and customise Contracts of Employment and Company Handbooks, now has a new feature which enables the user to create an Employee Privacy Policy which is a requirement under GDPR.
We will also unveil our new timesheet rapid input feature. Our exciting new timesheet feature directly connects to the BrightPay payroll and allows clients to import timesheet hours from a CSV or directly input hours for each employee on the BrightPay connect employer dashboard. For accountants and payroll bureaus, clients can easily use the timesheet upload for rapid input of employee’s hours eliminating possible errors. The timesheet feature also allows bureaus to easily run the payroll before sending it back to your payroll client for final approval and validation.
GDPR and evolving international privacy regulationsUlf Mattsson
Convergence of data privacy principles, standards and regulations
General Data Protection Regulation (GDPR)
GDPR and California Consumer Privacy Act (CCPA)
What role does technologies play in compliance
Use Cases
GDPR and personal data protection in EU research projectsLorenzo Mannella
This 20-minute presentation provides participants with a case study on data protection issues exposed by research partners awarded with a fictional Horizon 2020/Horizon Europe grant. Participants will follow the work of data controller and processors, committed to handle and store personal data of EU and Non-EU citizens for research purposes.
Participants will be engaged to evaluate the compliance of research activities with the General Data Protection Regulation (GDPR), which defines principles relating to processing of personal data, the lawfulness of such processing and modalities to ensure transparent information, communication and rights of the data subjects.
Rules and best practices in data processing are part of the essential toolbox for Research Managers and Administrators, answering the growing call of GDPR compliance along with Data Protection Officers. Beyond the understanding of accountability, privacy by design and by default principles, professionals are testing themselves with the constant update of data protection guidelines from the European Data Protection Board.
This session is targeted to an audience of intermediate level, aware of the topic of data protection/GDPR and willing to engage with other professionals on a case study analysis. The session will benefit from a short Q&A and a follow-up survey to gather best practices in data management put in place by participants in their day-to-day work.
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs.
Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data.
Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles.
The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally.
Join this webinar to learn more about:
- Trends in modern privacy regulations
- The impact on organizations to protect and use sensitive data
- Data privacy principles
- The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU
- The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations
- Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?Join this webinar to learn:
• Case study and legal/regulatory impact to GDPR• Security Metrics• Oversight of third parties• How to measure cybersecurity preparedness
Presenters : Ulf Mattsson, David Morris, Ian West. and Khizar Sheikh
Date & Time : Aug 17 2017 5:00 pm
Timezone : United States - New York
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
We will discuss the Evolving International Privacy Regulations. Cross Border Data Transfer for GDPR under Schrems II is now ruled by an EU court that defined what is required. This ruling can be far reaching for many businesses.
This Webinar featuring guests from the EU Commission, the French data regulator CNIL, DLA Piper and IBM provided an overview of the new EU data protection and privacy perspective from the perspective of the regulation author, regulator, legal advisor and technology providers.
Do You Have a Roadmap for EU GDPR Compliance? ArticleUlf Mattsson
GDPR is Top Priority in US
Over half of US multinationals say GDPR is their top data- protection priority according to PWC. Of the 200 respondents, 54 % reported that GDPR readiness is the highest priority on their data-privacy and security agenda. Another 38% said GDPR is one of several top priorities, while only 7% said it isn’t a top priority.
If you are in the UK and need to check that you will comply with the General Data Protection Regulations when they come into force in May 2018, this checklist might help. Developed for use in my own business it is shared without liability. Please use it wisely to start the process of complying.
For more information on making your processes and your legal documents simple, especially if you are in the UK construction industry, go to http://500words.co.uk/
Even though GDPR is a European Union regulation, it impacts any company with customers in that region. One of the first key tasks of the data management team should be to create awareness regarding the impact of GDPR on the business with all key stakeholders across the organization. In order to generate awareness, organizations need to have clearly defined documentation defining the policies, rules, requirements and the impact of non-compliance. Kim Brushaber will look at what is involved with GDPR, what you should be concerned with, and how to get the conversation started between the business and technical teams within your organization using ER/Studio.
Ensuring GDPR Compliance - A Zymplify GuideZymplify
The GDPR will come into force on 25 May 2018 and will change data protection laws across the EU. Organisations can face heavy fines if they are found to be in breach of the GDPR, so take a look at Zymplify's guide to the most important parts of the regulation. Act now to get ready for the GDPR. Book a Demo with Zymplify - http://d36.co/12vWD
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if that do not adhere to this new regulation
How your organization can prepare for the future
The European General Data Protection Regulation (GDPR) will come into effect in May 2018 and it will impact all organizations that store or process personal data of EU citizens. The European Commission is exporting European data protection principles to the rest of the world while widening the definition of personal data and enforcing privacy by design. These changes will not only have an impact on the organizations but also on the software which is used for data processing. How does it affect the Hadoop ecosystem?
Distributed data processing at scale is one of Hadoop’s core features and we will explore how the GDPR could potentially affect it. We will also take a look at the technical aspects of the rights of data subjects and see if and how we can address those, with a particular focus on open-source technologies.
This talk will give you an overview of the key themes of the GDPR including the rights of the data subject and will investigate the technical implications for data processing within the Hadoop ecosystem.
Presentation on GDPR which is not technical, nor product specific, focusing on manufacturing industry and providing a non expert view on what the regulation is all about.
Targeted to Senior Management who has a direct responsibility on the treatment (direct or indirect) of personal data.
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
Presentation slides from an NCVO webinar which took place on 18 October 2017.
Presentation by Gary Shipsey from Protecture, find out more about Protecture: https://www.protecture.org.uk/
View the webinar recording: https://youtu.be/D7wuDS4QZgQ
GDPR From Implementation to OpportunityDean Sappey
GDPR presents new challenges for law firms across Europe. This presentation explains the implications of GDPR and simple strategies to ensure firms are compliant for its launch in May 2018
The Countdown is on: Key Things to Know About the GDPRCase IQ
The EU’s General Data Protection Regulation (GDPR) comes into effect on May 25th. This powerful legislation strengthens data privacy laws in Europe and has implications for companies all over the world that store, process or transfer the information of the EU’s citizens.
Failure to comply with the regulation can expose a company to fines based on global revenue and reputation damage, yet many companies are struggling to comply in time.
Join information security expert and CEO/Founder of AsTech Consulting, Greg Reber, as he walks participants through a plan for GDPR compliance.
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?Join this webinar to learn:
• Case study and legal/regulatory impact to GDPR• Security Metrics• Oversight of third parties• How to measure cybersecurity preparedness
Presenters : Ulf Mattsson, David Morris, Ian West. and Khizar Sheikh
Date & Time : Aug 17 2017 5:00 pm
Timezone : United States - New York
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
We will discuss the Evolving International Privacy Regulations. Cross Border Data Transfer for GDPR under Schrems II is now ruled by an EU court that defined what is required. This ruling can be far reaching for many businesses.
This Webinar featuring guests from the EU Commission, the French data regulator CNIL, DLA Piper and IBM provided an overview of the new EU data protection and privacy perspective from the perspective of the regulation author, regulator, legal advisor and technology providers.
Do You Have a Roadmap for EU GDPR Compliance? ArticleUlf Mattsson
GDPR is Top Priority in US
Over half of US multinationals say GDPR is their top data- protection priority according to PWC. Of the 200 respondents, 54 % reported that GDPR readiness is the highest priority on their data-privacy and security agenda. Another 38% said GDPR is one of several top priorities, while only 7% said it isn’t a top priority.
If you are in the UK and need to check that you will comply with the General Data Protection Regulations when they come into force in May 2018, this checklist might help. Developed for use in my own business it is shared without liability. Please use it wisely to start the process of complying.
For more information on making your processes and your legal documents simple, especially if you are in the UK construction industry, go to http://500words.co.uk/
Even though GDPR is a European Union regulation, it impacts any company with customers in that region. One of the first key tasks of the data management team should be to create awareness regarding the impact of GDPR on the business with all key stakeholders across the organization. In order to generate awareness, organizations need to have clearly defined documentation defining the policies, rules, requirements and the impact of non-compliance. Kim Brushaber will look at what is involved with GDPR, what you should be concerned with, and how to get the conversation started between the business and technical teams within your organization using ER/Studio.
Ensuring GDPR Compliance - A Zymplify GuideZymplify
The GDPR will come into force on 25 May 2018 and will change data protection laws across the EU. Organisations can face heavy fines if they are found to be in breach of the GDPR, so take a look at Zymplify's guide to the most important parts of the regulation. Act now to get ready for the GDPR. Book a Demo with Zymplify - http://d36.co/12vWD
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if that do not adhere to this new regulation
How your organization can prepare for the future
The European General Data Protection Regulation (GDPR) will come into effect in May 2018 and it will impact all organizations that store or process personal data of EU citizens. The European Commission is exporting European data protection principles to the rest of the world while widening the definition of personal data and enforcing privacy by design. These changes will not only have an impact on the organizations but also on the software which is used for data processing. How does it affect the Hadoop ecosystem?
Distributed data processing at scale is one of Hadoop’s core features and we will explore how the GDPR could potentially affect it. We will also take a look at the technical aspects of the rights of data subjects and see if and how we can address those, with a particular focus on open-source technologies.
This talk will give you an overview of the key themes of the GDPR including the rights of the data subject and will investigate the technical implications for data processing within the Hadoop ecosystem.
Presentation on GDPR which is not technical, nor product specific, focusing on manufacturing industry and providing a non expert view on what the regulation is all about.
Targeted to Senior Management who has a direct responsibility on the treatment (direct or indirect) of personal data.
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
Presentation slides from an NCVO webinar which took place on 18 October 2017.
Presentation by Gary Shipsey from Protecture, find out more about Protecture: https://www.protecture.org.uk/
View the webinar recording: https://youtu.be/D7wuDS4QZgQ
GDPR From Implementation to OpportunityDean Sappey
GDPR presents new challenges for law firms across Europe. This presentation explains the implications of GDPR and simple strategies to ensure firms are compliant for its launch in May 2018
The Countdown is on: Key Things to Know About the GDPRCase IQ
The EU’s General Data Protection Regulation (GDPR) comes into effect on May 25th. This powerful legislation strengthens data privacy laws in Europe and has implications for companies all over the world that store, process or transfer the information of the EU’s citizens.
Failure to comply with the regulation can expose a company to fines based on global revenue and reputation damage, yet many companies are struggling to comply in time.
Join information security expert and CEO/Founder of AsTech Consulting, Greg Reber, as he walks participants through a plan for GDPR compliance.
How MongoDB can accelerate a path to GDPR complianceMongoDB
The timeline for compliance with the European Union’s General Data Protection Regulation (GDPR) is fast approaching. To help you ensure you’re prepared, we’re hosting an online discussion in advance of May 25th (when the regulation goes into effect). We’ll cover:
The specific requirements of GDPR
How these map to required database capabilities
How MongoDB can provide the core technology foundations to help organizations accelerate their path to compliance
General Data Protection Regulation (GDPR) tidal wave that has hit, are you ready? Is your organization prepared for the extensive privacy requirements GDPR puts forth for any organization handling EU Data Subjects' personal Data? At this point, organizations must have a complete inventory of personal data and have conducted a DPIA against it. A handful of supervisory authorities have issued compliance guidelines, but your organizations must be able to assess compliance with this ambiguous regulation at any time.
Many aspects of GDPR define the distinction between a data collector and a data processor, their respective responsibilities and compliance requirements. Those responsibilities will have an effect on the contracts you negotiate with third parties, the way in which you evaluate the risks involved with establishing a business relationship and the policies you develop to maintain compliance to the regulations.
Join this webinar to learn:
*More information about GDPR and what the industry is experiencing to date
*What minimum requirements you should have had in place by May 25, 2018
*What you should plan to do for the next 12-18 months if you are not completely ready
*What the SEC Privacy Shield program is and why you should self-certify
*How to continuously monitor vendor risk KPIs
Webinar presented live on May 11, 2017.
As data is increasingly accessed and shared across geographic boundaries, a growing web of conflicting laws and regulations dictate where data can be transferred, stored, and shared, and how it is protected. The Object Management Group® (OMG®) and the Cloud Standards Customer Council™ (CSCC™) recently completed a significant effort to analyze and document the challenges posed by data residency. Data residency issues result from the storage and movement of data and metadata across geographies and jurisdictions.
Attend this webinar to learn more about data residency:
• How it may impact users and providers of IT services (including but not limited to the cloud)
• The complex web of laws and regulations that govern this area
• The relevant aspects – and limitations -- of current standards and potential areas of improvement
• How to contribute to future work
Read the OMG's paper, Data Residency Challenges and Opportunities for Standardization: http://www.omg.org/data-residency/
Read the CSCC's edition of the paper, Data Residency Challenges: http://www.cloud-council.org/deliverables/data-residency-challenges.htm
Data protection and other systems of personal data protection around the globe are fundamentally based on principles of "notice and choice". These basic principles are now however assailed from three directions: the chimera of online consent; the lack of opportunity for consent in the world of ambient intelligence or ubiq; and the destruction of purpose specification by the rise of Big Data. This paper connects the dots between all three and considers if anything is left of DP after.
An overview of the principles of GDPR and some tips to implement it in your organization. I would be more than happy to share my views with stakeholders in your company.
Kawser Hamid : ICO and Data Protection in the CloudGurbir Singh
Kawser Hamid Lead Policy Officer at the Information Commissioner's Office talks about the challenges of Cloud Computing and complying with Data Protection Act
A recording of the Northwest Regional meeting of the Institute of Information Security Professionals in Manchester on 23rd May 2013. Copyright of this presentation is held by the author, Kawser Hamid.
Tokenization on Blockchain is a steady trend of 2018. It seems that everything is being tokenized on Blockchain from paintings, diamonds and company stocks to real estate. Thus, we took an asset, tokenized it and created its digital representation that lives on Blockchain. Blockchain guarantees that the ownership information is immutable.
Unfortunately, some problems need to be solved before we can successfully tokenize real-world assets on Blockchain. Main problem stems from the fact that so far, no country has a solid regulation for cryptocurrency. For example, what happens if a company that handles tokenization sells the property? They have no legal rights on the property and thus are not protected by the law. Another problem is that this system brings us back some sort of centralization. The whole idea of Blockchain and especially smart contracts is to create a trustless environment.
Tokenization on Blockchain is a steady trend of 2018. Blockchain guarantees that the ownership information is immutable. Unfortunately, some problems need to be solved before we can successfully tokenize real-world assets on Blockchain. Main problem stems from the fact that so far, no country has a solid regulation for cryptocurrency.
Tokenization is a method that converts a digital value into a digital token. Tokenization can be used as a method that converts rights to an asset into a digital token. The tokenization system can be implemented local to the data that is tokenized or offloaded to cloud. Tokenization in cloud can provide a lower total cost of ownership by sharing resources implementation and administration. A high level of security can be achieved by separating the tokenization system into a container that can be run on-prem (for larger banks) or isolated in a remote private cloud.
Please join my session that will discuss tokenization, blockchain and tokenization in blockchain.
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
• Learn New Application and Data Protection Strategies
• Learn Advancements in Machine Learning
• Learn how to develop a roadmap for EU GDPR compliance
• Learn Data-centric Security for Digital Business
• Learn Where Data Security and Value of Data Meet in the Cloud
• Learn Data Protection On-premises, and in Public and Private Clouds
• Learn about Emerging Application and Data Protection for Multi-cloud
• Learn about Emerging Data Privacy and Security for Cloud
• Learn about New Enterprise Application and Data Security Challenges
• Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation
This presentation cuts through the confusion and hype surrounding blockchain, explains the key technical aspects of blockchain systems, and summarizes the point of view of different blockchain luminaries and open sourced systems. Originally presented as a guest lecture at Columbia University in April 2019.
This presentation gives an overview of SPEC Cloud (TM) IaaS 2016, the first industry standard benchmark that measures the performance of infrastructure as a service clouds. More details on benchmark at https://www.spec.org/cloud_iaas2016/ .
A Survey of Container Security in 2016: A Security Update on Container PlatformsSalman Baset
This talk is an update of container security in 2016. It describes the security measures that containers provide, shows how containers provide security measures out of box that are prone to configuration errors when running applications directly on host, and finally lists the ongoing in container security in the community.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
2. Outline
• GDPR and blockchain - summary
• GDPR
• What is GDPR?
• Who are the actors?
• What is personal data?
• What are rights of a person?
• What are the responsibilities of a controller?
• Myths about GDPR
• GDPR in action
• Blockchain
• What is blockchain?
• Bitcoin – what is it and how people use it
• Who is the data controller in bitcoin?
• Types of blockchain
• Properties of blockchain that are challenging for GDPR
• Permissioned private blockchains and GDPR
• GDPR and Blockchain
• Possible approaches and their pitfalls
2
3. Disclaimer
• General Data Protection Regulation (GDPR) is a law.
• I am not a lawyer; I am a security professional who has applied GDPR
in permissioned private blockchains.
• I am involved in various open source blockchain initiatives such as
Hyperledger.
3
4. GDPR and Blockchain*
GDPR compliance is not about the technology, it is about how the
technology is used
Just like there is no GDPR-compliant Internet. Or there is no GDPR-compliant
Artificial Intelligence. Similarly, there is no such thing as GDPR-compliant
blockchain technology.
There are only GDPR-compliant use cases and applications.
The general approach for a use or an application is to avoid storing personal
data on blockchain.
https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf?width=1024&height=800&iframe=true
4
5. What is GDPR?
• A law that regulates the processing by an individual, a company, or an
organization of personal data relating to individuals in the EU+.
https://www.bbc.com/news/world-middle-east-24367705
EU has 28 member states
• Switzerland is not a EU member
• Norway is not a EU member
• Brexit (United Kingdom) and GDPR?
Affects every sector, from healthcare, to Internet
services, to banking, and beyond.
Individuals: applies to EU citizens as well as non-citizens
in EU.
GDPR came into effect on May 25, 2018.
GDPR has 99 Articles and 173 recitals.
+ https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en 5
6. Who are the actors in GDPR?
Data subject. Article 4(1). “‘person data’ means any information relating to an identified or identifiable natural person (‘data subject’)”
Example: you
S
C
P
Data controller. Article 4(7). … “determines the purpose and means of the processing of personal data”…
Example: University is a data controller.
Data processor. Article 4(8). “ ‘processor’ means a natural or legal person, public authority, agency or other body which processes
personal data on behalf of the controller.”
Example: University email service provided by a cloud service provider.
DPO Data protection officer. Article 37-39. appointed by a controller and a processor to advise employees and monitor compliance
Example: University privacy officer
SA
Supervisory authority. Article 4(21) and Article 51. An EU country-specific authority for monitoring compliance to GDPR
DPB
Data Protection Board. Article 68. Ensure consistent application of GDPR.
monitor
companycountryEU
6
7. What is personal data?
• Some things are obvious
• Name
• Biometric data
• Racial or ethnic origin
• Religious or political beliefs
• Health data
• Sex life and sexual orientation
• Some things are not so obvious
• IP address
• Cookie ID
• Employment and education history
7
8. What are the rights of a data subject? Articles 12-23
Some examples in the blockchain context
• Right to rectification – Article 16
• Right to be erasure – Article 17
• Right to restriction of processing – Article 18
• Right to data portability – Article 19
S
8
9. What are the responsibilities of data controller and
processor?
• Many
• Security of processing – Article 32
• “Taking into account the state of the art, the costs of implementation and the
nature, scope, context and purposes of processing as well as the risk of varying
likelihood and severity for the rights and freedoms of natural persons, the controller
and the processor shall implement appropriate technical and organisational
measures to ensure a level of security appropriate to the risk, including inter alia as
appropriate:
• pseudonymization and encryption of data
• the ability to ensure the ongoing confidentiality, integrity, availability and resilience of
processing systems and services;”
• Notification of a personal data breach to the supervisory authority. Article
33.
9
10. Where does a data controller or a processor typically
find personal data?
• Customer relationship management (CRM) databases
• Human resource management (HRM) databases
• Web server logs
• Data backups / data warehouse
10
11. Myths about GDPR
• EU personal data must reside within a data center in EU.
• False
• GDPR applies when a EU person visits another country
• False. Law of another country applies.
• There are no exceptions in GDPR.
• False. See above about law of another country. Other examples include law enforcement,
public safety.
• Office address is personal data?
• False, but it depends. Your name with office address becomes personal data.
11
12. How is GDPR doing since its release?
• More companies reporting breaches
• Fine imposed on British Airways
• https://www.bbc.com/news/business-48905907
• Who is next? J
12
13. Outline
• GDPR and blockchain - summary
• GDPR
• What is GDPR?
• Who are the actors?
• What is personal data?
• What are rights of a person?
• What are the responsibilities of a controller?
• Myths about GDPR
• GDPR in action
• Blockchain
• What is blockchain?
• Bitcoin – what is it and how people use it
• Who is the data controller in bitcoin?
• Types of blockchain
• Properties of blockchain that are challenging for GDPR
• Permissioned private blockchains and GDPR
• GDPR and Blockchain
• Possible approaches and their pitfalls
13
14. What is blockchain?
• NIST.IR.8202
• (first two lines of intro) Blockchains are tamper evident and tamper resistant
digital ledgers implemented in a distributed fashion (i.e., without a central
repository) and usually without a central authority (i.e., a bank, company, or
government). At their basic level, they enable a community of users to record
transactions in a shared ledger within that community, such that under
normal operation of the blockchain network no transaction can be changed
once published.
What is a block? – grouping of transactions
What is a transaction? – a mechanism to update the ledger
Does the definition clearly state the append-only aspect of ledger?
14
15. What is a “ledger”?
• https://www.merriam-webster.com/dictionary/ledger
• a book containing accounts to which debits and credits are posted from books
of original entry
• a horizontal board used for vertical support (as in scaffolding)
• The ledger familiar to “most” of us…?
• Personal journal
15
16. Ledger vs. personal journal
Ledger Personal journal
Written on Paper with typically pen Paper, with pen or pencil
Can also be written with IT system (e.g., computer, SaaS) IT system (e.g., computer, SaaS)
Record of who made changes Important Not so much
Common primary application Recording monetary
transactions
Thoughts
Information lay out Structure (tabular), credit/debit,
with dates
Usually with dates
Information is appended? Typically, yes Typically, yes
Shared with others Employees (probably). Other
entities, no, unless IRS J
Depends J
16
17. What is a digital ledger?
• A ledger stored in a digital form
• On a (personal) computer or a set of computers
• Can contain data ranging from few bytes to peta bytes, and beyond
• What is distributed paper ledger?
• Create copies of paper and distribute it to relevant folks whenever there is a change?
• What is a distributed digital ledger? (or simply distributed ledger)
• Ledgers stored in digital form on a set of computers (e.g., cloud), where data
repository is not confined to a single computer (NIST: without central repository).
The structure of the information stored within the ledger depends on the
application.
17
18. Tamper evident and tamper resistant
• Immutable: Merriam-Webster
• https://www.merriam-webster.com/dictionary/immutable
• not capable of or susceptible to change
• Why do we write personal checks with a pen and not with a pencil?
• May be, no one writes personal checks these days J
• tamper evident and tamper resistant – to an extent
• Can a (distributed) digital ledger be changed?
• Of course!
• How to detect changes to a (distributed) digital ledger and prevent changes?
• Detect changes: audit logs
• Prevent unauthorized changes: authz, authn (requires identity)
18
19. [Lack of] Central authority or central repository - Examples
• I run a database on my single machine.
• Central repository?
• Central authority?
• A big search engine has a massive farm of distributed machines connected over network, that work
together to respond to search queries.
• Central repository?
• Central authority?
• A music file-sharing system (Napster) has a central list of which users have files, but files are
downloaded peer-to-peer.
• Central authority?
• Central repository?
• A file-sharing network has a distributed index of files and file chunks.
• Central repository?
• Central authority?
19
Who is data controller and data processor?
20. What is Bitcoin? – from the paper Conclusion
We have proposed a system for electronic transactions without relying on trust.
We started with the usual framework of coins made from digital signatures, which
provides strong control of ownership, but is incomplete without a way to prevent
double-spending. To solve this, we proposed a peer-to-peer network using proof-
of-work to record a public history of transactions that quickly becomes
computationally impractical for an attacker to change if honest nodes control a
majority of CPU power. The network is robust in its unstructured simplicity. Nodes
work all at once with little coordination. They do not need to be identified, since
messages are not routed to any particular place and only need to be delivered on a
best effort basis. Nodes can leave and rejoin the network at will, accepting the
proof-of-work chain as proof of what happened while they were gone. They vote
with their CPU power, expressing their acceptance of valid blocks by working on
extending them and rejecting invalid blocks by refusing to work on them. Any
needed rules and incentives can be enforced with this consensus mechanism.
20
21. What is Bitcoin? – from the paper Conclusion
We have proposed a system for electronic transactions without relying on trust.
We started with the usual framework of coins made from digital signatures, which
provides strong control of ownership, but is incomplete without a way to prevent
double-spending. To solve this, we proposed a peer-to-peer network using proof-
of-work to record a public history of transactions that quickly becomes
computationally impractical for an attacker to change if honest nodes control a
majority of CPU power. The network is robust in its unstructured simplicity. Nodes
work all at once with little coordination. They do not need to be identified, since
messages are not routed to any particular place and only need to be delivered on a
best effort basis. Nodes can leave and rejoin the network at will, accepting the
proof-of-work chain as proof of what happened while they were gone. They vote
with their CPU power, expressing their acceptance of valid blocks by working on
extending them and rejecting invalid blocks by refusing to work on them. Any
needed rules and incentives can be enforced with this consensus mechanism.
https://bitcoin.org/bitcoin.pdf
So, no non-electronic (aka paper) transactions?
all over the world?
distributed? anonymity is a goal ?
anyone can join and leave consensus algorithm
is fixed.
interesting
21
22. What is Bitcoin? – A geographically distributed peer-to-
peer network
Bitcoin ledger
Bitcoin ledger
Bitcoin ledger
Bitcoin ledger
Bitcoin ledger
Bitcoin ledger
Bitcoin ledger
Bitcoin ledger
Bitcoin ledger
22
23. Bitcoin: Blocks and Transactions
Block N
T1
T2: A -> B
T3
T4
Block N+1
B->C
Block N+2
C->D
H(N) H(N+1)
T1 T2 T3 T4
H() H() H() H()
H() H()
H(N)
Transaction (oversimplification):
- comprises the public key of the sender
- Signed structured data (with private key of transaction originator)
that indicates some transfer of bitcoins
- The structured contains information about transfer of Bitcoins
e.g.,
- S_key, Coin=1, R_key, Coin=2
S_key, Coin=0, R_key, Coin=3
- Public key of receiver
23
Does Bitcoin store personal information?
No. However, if public keys can be attributed to a person with high fidelity, there is presently no
way to break that linkage. e.g., by purging those transactions from the bitcoin ledger.
24. How to people use Bitcoin?
• Through an intermediary
• Bitcoin exchange
• Payment exchange
• Directly – by running the software
24
25. Who is the data controller / processor for Bitcoin?
• Through an intermediary
• Bitcoin exchange
• Payment exchange
• Intermediary becomes the data controller
• Directly – by running the software
• Can a peer-to-peer network which is not under anyone’s control be a data
controller?
• Are core software developers of Bitcoin data controllers?
25
26. Distributed Ledger Technologies aka Blockchain categorization
Drive value of cryptocurrency Cryptocurrency for a business use-case
Blockchain for business
Anonymous Permissioned
CryptocurrencyNon-Cryptocurrency
Standards bodies and consortiums
26
27. Types of blockchain
• What is public blockchain
• Ledger is public – accessible by anyone
• What is permission-less public blockchain?
• Ledger is public, and anyone can join the network. (Bitcoin)
• What is permissioned public blockchain
• Ledger is public, but approvals required before joining the network. (Sovrin foundation,
potentially Hyperledger Fabric also)
• What is permissioned private blockchain?
• Ledger is private, and approvals required before joining the network (Hyperledger Fabric)
• What is permission-less private blockchain?
• Good question :). Ledgers are private, but how can anyone join a private blockchain?
27
28. Blockchain properties that are challenging for GDPR
• Distributed – distributed without consent
• Immutable – existing data cannot be changed
• Permanent - existing data cannot be changed. Record is permanent
28
29. What is Hyperledger?
• Hyperledger is an open source collaborative effort created to advance cross-industry blockchain
technologies. It is a global collaboration, hosted by The Linux Foundation, including leaders in finance,
banking, Internet of Things, supply chains, manufacturing and Technology.
• Launched in February 2016
https://www.hyperledger.org/about
Frameworks
Tools
Hyperledger
Indy
Hyperledger
Fabric
Hyperledger
Iroha
Hyperledger
Sawtooth
Hyperledger
Burrow
Hyperledger
Composer
Hyperledger
Explorer
Hyperledger
Cello
29
Hyperledger
Ursa
30. Overview of Hyperledger Fabric – Key Design Goals
• The four P’s
• Permissioned
• Privacy
• Pluggability
• Performance
30
31. Permissioned: Existing members determine who can join the network,
and update configuration
Public blockchains
• Download software and connect to network
• Configuration updated through developer
or community consensus
Hyperledger Fabric
• Policy-based mechanism to admit new
members and to update configuration
6/8 votes
(admit A: majority vote)
A
A
B
I want to invite A to network
A
B
A
B
A
B A
B
A
B
A
B
A
B
B
I want to invite B to network
A
B
3/8 votes
(reject B: majority vote)
Permissioned != Private 31
32. Privacy: Smart contract execution, and transaction data storage limited to a
set of nodes in the network based on policy
Public blockchains
• Every node runs smart contract
• Every full node can potentially have a full copy
of the ledger
Hyperledger Fabric
• A subset of nodes will run smart contracts
• The ledger updates are limited to set of
nodes (channel).
• Nodes in a channel can directly share private
data directly with subset of nodes (collections,
v1.1 feature)
SC
SC
SC
SC
SC
SC
SC
SC
SCSC
SC
Channel /
Private data collection
32
33. Pluggability: consensus, identity provider, crypto, data format, smart
contract language
Public blockchains
• Fixed or hard to change consensus algorithm (proof of work)
• Fixed encryption (e.g., secp256k1)
• Identity = public key - self
• Domain specific language (DSL) for writing smart contracts
Hyperledger Fabric
• Pluggable consensus algorithm (PBFT, Kafka)
• Pluggable crypto service provider
• Pluggable identity provider, zero knowledge
proofs
• General data format, key / value pair
• General purpose languages for writing smart contracts
(Javascript, Go)
33
34. Hyperledger Fabric and GDPR
• Transaction (oversimplification):
• comprises X.509 certificate of originator containing its
public key
• As well as entities signing (voting) on this request
• No structure of data being stored
• Key / value
• X.509 certificate may contain personal data - see
screenshot
• Values may contain personal data
34
35. Possible approaches for GDPR and Blockchain – and
their pitfalls
• Avoid storing personal data on blockchain
• Anonymize data and store on blockchain
• Not much business value
• Encrypt data and store on blockchain
• Encryption can be broken one day
• Pseudonymize personal data
• A random identifier stored in blockchain in lieu of personal data
• An off-blockchain database stores the link between random identifier and personal data
• Logical deletion achieved by deleting personal data from off-blockchain database
• Permissioned private blockchains
• Establishing a governance process of which information will be stored in blockchain is
critical go ensuring adherence to GDPR
35
36. Conclusion
• Start with big picture – establish governance process
• Avoid storing personal data on blockchain
• If blockchain is unavoidable, consider permissioned private
blockchains
• Be as clear and as transparent to your users
36