https://wso2.com/solutions/regulatory-compliance/gdpr/
The EU General Data Protection Regulation (GDPR) has many identity architects uniquely positioned to help their organizations to comply with the ruling.
Effective from 25th May 2018, the regulation 2016/679 of the European parliament and of the council, replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe. It aims to protect and empower all EU residents' data privacy and to reshape the way organizations across the region approach data privacy. GDPR is also quite prominent due to the heavy penalties introduced for violators — which could be as much as 4% of the annual global turnover or €20 million (whichever is greater).
In this webinar we will discuss all technical aspects of the regulation and what steps you as an identity architect can take to ensure that your security strategy is primed for GDPR.
mHealth Israel_EU General Data Protection Regulation_Simon MarksLevi Shapiro
Overview of the EU General Data Protection Regulation (GDPR) by Simon Marks, Head of Hi-Tech practice, Epstein Rosenblum Maoz (ERM). Includes:
- One Law to rule them all
- Key Principles
- Data Subjects’ Rights
- Increased Obligations
- Legal Basis Requirement for Processing
- Data Subjects’ Consent
- Processing Special Categories of Data
- Health-related data
- Privacy by Design and by Default
- Data Protection Officer
- Data Breach Notification
- Sanctions and fines
-
mHealth Israel_EU General Data Protection Regulation_Simon MarksLevi Shapiro
Overview of the EU General Data Protection Regulation (GDPR) by Simon Marks, Head of Hi-Tech practice, Epstein Rosenblum Maoz (ERM). Includes:
- One Law to rule them all
- Key Principles
- Data Subjects’ Rights
- Increased Obligations
- Legal Basis Requirement for Processing
- Data Subjects’ Consent
- Processing Special Categories of Data
- Health-related data
- Privacy by Design and by Default
- Data Protection Officer
- Data Breach Notification
- Sanctions and fines
-
The recent Facebook-Cambridge Analytica scandal has stirred heated discussions on privacy around the globe. An estimated 87 million people are affected by the data breach. Although the majority of the affected users are in the United States, Facebook published that personal data of over 1 million users in the Philippines, United Kingdom, and Indonesia are also compromised.
For the people who ratified the General Data Protection Regulation (GDPR), the answer is a resounding NO.
As Reinis Papulis of KRONBERGS ČUKSTE DERLING points out, “today’s level of technological development and role of personal data in the provision of various services has made it impossible to ensure the protection of personal data (privacy of individuals) at an adequate level with a legal act that was adopted in the second half of the 90's.”
This has prompted the EU to overhaul its defences against data breaches. Technology changes fast and data collection is at its peak today. Out of the necessity to protect consumers and uphold data privacy, the General Data Protection Regulation is set to be in full effect beginning May 25, 2018.
The battle for data privacy is not lost. And the enforcement of GDPR shows that we can still put up a good fight against companies that treat our personal data as commodities. However, there’s still a long way ahead of us.
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
January 2018 welcomes the Kingston Smith and IBB Solicitors annual charities update to bring you up to speed with the legal and regulatory developments in the Charity Sector.
For advice on developments in the Charity Sector please see:
https://www.ibblaw.co.uk/sector/charities
For charity law experts see:
https://www.ibblaw.co.uk/service/charities
Rosie Brass, senior solicitor in the Charities team at IBB, will provide an overview of the legal framework for the GDPR. Then Dan Fletcher, Director (Fundraising), at Kingston Smith, will guide attendees on how to make the most of the GDPR and use the changes to improve their data management. Dan will also discuss practical ways to use the changes to improve fundraising and marketing for the better. For more information on GDPR please see: https://www.ibblaw.co.uk/insights/blog/are-you-ready-general-data-protection-regulation
In the second half of the seminar, Mahmood Ramji and Luke Holt from the Kingston Smith Charities team will provide an update on accounting, including looking at the recent SORP information sheet and the expected future timeline for new SORP iterations, followed by an overview of another 2017 hot topic - charity fraud, including cybercrime. Mahmood will also share details of the most pertinent areas we have been discussing with our clients during 2017. Looking forward into 2018, Luke will highlight the main points from the Lords Select Committee on Charities and how the sector may adapt as a result. Following the release of the third edition of the Charity Governance Code, Luke will also discuss the main areas of consideration and significant changes from previous versions. They will then conclude with a look at the new CC32 Independent Examination guidance and its key amendments.
The last part of the presentation will be provided by Paul Ridout, who heads the IBB Charities practice and will talk briefly about some recent regulatory action by the Charity Commission, including the deployment of some of the new powers brought in by the Charities (Protection and Social Investment) Act 2016. He will also address the tricky issue of serious incident reporting, in the light of the Commission’s recent changes to its guidance to trustees about what needs to be reported, and when.
Merit Event - Understanding and Managing Data Protectionmeritnorthwest
From the 24th of October 2002, the Data Protection Act 1998, which applies to local government, NHS Trusts, Schools, Universities and all UK organisations who process personal information, comes into full force. The Data Protection Act 1998 gives people more rights to have their personal information handled fairly, to object to certain types of processing and to have access to any information held about them.
Who should attend:
These briefings have been designed for those who are responsible for the implementation of the Data Protection Act 1998. The practical as well as the theory will be dealt with and attendees will have the opportunity to discuss Data Protection business issues with experts and other delegates.
Briefing Content:
Morning session - Introduction
a) The Data Protection Act and its Principles
b) Responsibilities
c) Policies and Notification
d) Dealing with sub-contractors
e) Subject Access
f) Manual Records
g) Human Resource
Afternoon Session - Auditing
a) Do you need to Audit?
b) How to Audit
c) Do you know what data you process?
d) Reviewing Responsibilities
e) Procedures and Processes
f) Putting Things Right
g) Demonstrating Compliance
About the eBusiness Club
This training day is being organised as part of the eBusiness Club activities managed on behalf of the Chamber on Merseyside by MERIT (NW) Ltd and supported by leading public and private sector partners. The Merseyside eBusiness club will assist members to achieve the best possible results from their ICT and eBusiness systems. At the same time they will learn about innovations in the market place and hear directly from the leading voices in the industry
Full details about the eBusiness Club can be found online at www.merit.org.uk/ebusinessclub or alternatively by contacting Ian Bulmer, eBusiness Club Co-ordinator, MERIT (NW) Ltd, One Old Hall Street, Liverpool. L3 9HG. Tel: 0151 285 1400 email: ebusinessclub@merit.org.uk
An In House Counsel and Privacy Practitioners update on the changed regulatory landscape.
The Privacy and Data Protection Act 2014 received Royal Assent on 2 September 2014.
The new legislation replaces the Information Privacy Act 2000, and the Commissioner for Law Enforcement Data Security Act 2005, with a unified scheme governing the handling of personal information and data by Victorian Public sector agencies.
Domain management and brand protection in the era of the EU's GDPRBartLieben
Overview on how the General Data Protection Regulation clashes with ICANN's obligations imposed upon registries and registrars to have a publicly accessible WHOIS
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
Presentation at the COCIR annual meeting on 17 March 2016 regarding the top 7 operational impacts of the new EU General Data Protection Regulation for health IT companies.
Personal Data Protection Act - Employee Data PrivacylegalPadmin
Speech by Pn Adlin Abdul Majid, Advocate & Solicitor from Lee Hishamuddin, given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 9, 2015
ABM Display Advertising Success in the World of GDPR [PPT]Kwanzoo Inc
In this webinar, see the specific impacts of GDPR on B2B companies as they plan, budget, launch and measure success from ABM advertising programs that reach and engage the 500 Million+ citizens of EU countries and the UK. Our panel of experts will cover the IT, Legal, Marketing, Data and Technology Provider side of GDPR compliance. All of these dimensions need to be addressed as you plan for the world of GDPR.
Slides utilisés par Nathalie Ragheno, premier conseiller à la FEB, lors de sa conférence à la tribune du Forum financier du Brabant wallon, le 14 décembre 2017
An introduction to the Data Protection & GDPR Health Check service provided by DVV Solutions. Ensure your compliance with GDPR and understand the gaps you need to fill.
GDPR clinic - A strategic approach for compliance with the European General Data Protection regulation
Paolo Balboni Ph.D. - Founding Partner at ICT Legal Consulting & President of the European Privacy Association
Nicola Franchetto LL.M. - Associate at ICT Legal Consulting &
Fellow of the European Privacy Association
The recent Facebook-Cambridge Analytica scandal has stirred heated discussions on privacy around the globe. An estimated 87 million people are affected by the data breach. Although the majority of the affected users are in the United States, Facebook published that personal data of over 1 million users in the Philippines, United Kingdom, and Indonesia are also compromised.
For the people who ratified the General Data Protection Regulation (GDPR), the answer is a resounding NO.
As Reinis Papulis of KRONBERGS ČUKSTE DERLING points out, “today’s level of technological development and role of personal data in the provision of various services has made it impossible to ensure the protection of personal data (privacy of individuals) at an adequate level with a legal act that was adopted in the second half of the 90's.”
This has prompted the EU to overhaul its defences against data breaches. Technology changes fast and data collection is at its peak today. Out of the necessity to protect consumers and uphold data privacy, the General Data Protection Regulation is set to be in full effect beginning May 25, 2018.
The battle for data privacy is not lost. And the enforcement of GDPR shows that we can still put up a good fight against companies that treat our personal data as commodities. However, there’s still a long way ahead of us.
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
January 2018 welcomes the Kingston Smith and IBB Solicitors annual charities update to bring you up to speed with the legal and regulatory developments in the Charity Sector.
For advice on developments in the Charity Sector please see:
https://www.ibblaw.co.uk/sector/charities
For charity law experts see:
https://www.ibblaw.co.uk/service/charities
Rosie Brass, senior solicitor in the Charities team at IBB, will provide an overview of the legal framework for the GDPR. Then Dan Fletcher, Director (Fundraising), at Kingston Smith, will guide attendees on how to make the most of the GDPR and use the changes to improve their data management. Dan will also discuss practical ways to use the changes to improve fundraising and marketing for the better. For more information on GDPR please see: https://www.ibblaw.co.uk/insights/blog/are-you-ready-general-data-protection-regulation
In the second half of the seminar, Mahmood Ramji and Luke Holt from the Kingston Smith Charities team will provide an update on accounting, including looking at the recent SORP information sheet and the expected future timeline for new SORP iterations, followed by an overview of another 2017 hot topic - charity fraud, including cybercrime. Mahmood will also share details of the most pertinent areas we have been discussing with our clients during 2017. Looking forward into 2018, Luke will highlight the main points from the Lords Select Committee on Charities and how the sector may adapt as a result. Following the release of the third edition of the Charity Governance Code, Luke will also discuss the main areas of consideration and significant changes from previous versions. They will then conclude with a look at the new CC32 Independent Examination guidance and its key amendments.
The last part of the presentation will be provided by Paul Ridout, who heads the IBB Charities practice and will talk briefly about some recent regulatory action by the Charity Commission, including the deployment of some of the new powers brought in by the Charities (Protection and Social Investment) Act 2016. He will also address the tricky issue of serious incident reporting, in the light of the Commission’s recent changes to its guidance to trustees about what needs to be reported, and when.
Merit Event - Understanding and Managing Data Protectionmeritnorthwest
From the 24th of October 2002, the Data Protection Act 1998, which applies to local government, NHS Trusts, Schools, Universities and all UK organisations who process personal information, comes into full force. The Data Protection Act 1998 gives people more rights to have their personal information handled fairly, to object to certain types of processing and to have access to any information held about them.
Who should attend:
These briefings have been designed for those who are responsible for the implementation of the Data Protection Act 1998. The practical as well as the theory will be dealt with and attendees will have the opportunity to discuss Data Protection business issues with experts and other delegates.
Briefing Content:
Morning session - Introduction
a) The Data Protection Act and its Principles
b) Responsibilities
c) Policies and Notification
d) Dealing with sub-contractors
e) Subject Access
f) Manual Records
g) Human Resource
Afternoon Session - Auditing
a) Do you need to Audit?
b) How to Audit
c) Do you know what data you process?
d) Reviewing Responsibilities
e) Procedures and Processes
f) Putting Things Right
g) Demonstrating Compliance
About the eBusiness Club
This training day is being organised as part of the eBusiness Club activities managed on behalf of the Chamber on Merseyside by MERIT (NW) Ltd and supported by leading public and private sector partners. The Merseyside eBusiness club will assist members to achieve the best possible results from their ICT and eBusiness systems. At the same time they will learn about innovations in the market place and hear directly from the leading voices in the industry
Full details about the eBusiness Club can be found online at www.merit.org.uk/ebusinessclub or alternatively by contacting Ian Bulmer, eBusiness Club Co-ordinator, MERIT (NW) Ltd, One Old Hall Street, Liverpool. L3 9HG. Tel: 0151 285 1400 email: ebusinessclub@merit.org.uk
An In House Counsel and Privacy Practitioners update on the changed regulatory landscape.
The Privacy and Data Protection Act 2014 received Royal Assent on 2 September 2014.
The new legislation replaces the Information Privacy Act 2000, and the Commissioner for Law Enforcement Data Security Act 2005, with a unified scheme governing the handling of personal information and data by Victorian Public sector agencies.
Domain management and brand protection in the era of the EU's GDPRBartLieben
Overview on how the General Data Protection Regulation clashes with ICANN's obligations imposed upon registries and registrars to have a publicly accessible WHOIS
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
Presentation at the COCIR annual meeting on 17 March 2016 regarding the top 7 operational impacts of the new EU General Data Protection Regulation for health IT companies.
Personal Data Protection Act - Employee Data PrivacylegalPadmin
Speech by Pn Adlin Abdul Majid, Advocate & Solicitor from Lee Hishamuddin, given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 9, 2015
ABM Display Advertising Success in the World of GDPR [PPT]Kwanzoo Inc
In this webinar, see the specific impacts of GDPR on B2B companies as they plan, budget, launch and measure success from ABM advertising programs that reach and engage the 500 Million+ citizens of EU countries and the UK. Our panel of experts will cover the IT, Legal, Marketing, Data and Technology Provider side of GDPR compliance. All of these dimensions need to be addressed as you plan for the world of GDPR.
Slides utilisés par Nathalie Ragheno, premier conseiller à la FEB, lors de sa conférence à la tribune du Forum financier du Brabant wallon, le 14 décembre 2017
An introduction to the Data Protection & GDPR Health Check service provided by DVV Solutions. Ensure your compliance with GDPR and understand the gaps you need to fill.
GDPR clinic - A strategic approach for compliance with the European General Data Protection regulation
Paolo Balboni Ph.D. - Founding Partner at ICT Legal Consulting & President of the European Privacy Association
Nicola Franchetto LL.M. - Associate at ICT Legal Consulting &
Fellow of the European Privacy Association
This breakfast club focused on the new Data Protection regime covering what the new regime will entail and what to be thinking about now in order to be ready for the new regulations.
https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force, replacing all existing data protection regulations.
Payroll bureaus process large amounts of personal data in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
BrightPay hosted a free CPD accredited webinar alongside Bright Contracts where we discussed everything that accountants, bookkeepers and payroll bureaus need to know about GDPR.
For more information visit https://www.brightpay.co.uk
This presentation outlines the General Data Protection Regulation ("GDPR") and the key changes that will be brought about as of 25th May 2018 - ISOLAS is pleased to offer assistance in conducting data audits and ensuring you are compliant before the deadline - the clock is ticking!
GDPR – what does it mean for charities and what you need to consider - Iain P...m-hance
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, The European Council and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). EU members have until May 2018 to ensure that they are fully compliant with the new regulation. Regardless of Brexit, organisations in the UK that collect and use personal data will need to comply. In this slide deck Iain gives an overview of GDPR, what the requirements mean for charities and what charities need to consider to be compliant
Gdpr demystified - making sense of the regulationJames Mulhern
Slightly out dated introduction to GDPR, that tries to move away from the headlines on fines and emphasises the global nature of the regulation, the numerous forms of lawful processing and the absolute need to manage privacy and be transparent. Goes on to show how using public cloud can help solve part of the problem.
Introduction to EU General Data Protection Regulation: Planning, Implementat...Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
Slides from Niall Rooney FP Logue presentation at Food & Drink Business Europe event at Citywest Dublin on 05/09/2019 - *For Information Only, Not Legal Advice*
Introduction to EU General Data Protection Regulation: Planning, Implementati...Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data.The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-eu-general-data-protection-regulation-planning-implementation-and-compliance-2021/
Our administrative and public law seminar covered:
- a review of the last 12 months in FOIA and a case law update
- scope of prerogative powers - what are they and what is the scope of them; the topic is very much in the news at the moment due to Brexit
- non EU treaty obligations of relevance to administrative law
- procurement in 2016 and beyond - current trends, updates and the impact of Brexit
- case law update on various areas of public law, including judicial review.
Getting to grips with General Data Protection Regulation (GDPR)Zoodikers
Leading employment lawyer Pam Loch, and digital expert Katie King share their advice on how to get to grips with the topic of the moment - GDPR.
They look at who is liable, the impact of Brexit, how it affects marketing and what steps you can take to prepare.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover:
The overall software architecture for VHR’s Cloud Data Platform
Critical decision points leading to adoption of Ballerina for the CDP
Ballerina’s role in multiple evolutionary steps to the current architecture
Roadmap for the CDP architecture and plans for Ballerina
WSO2’s partnership in bringing continual success for the CD
The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.
Platformless Horizons for Digital AdaptabilityWSO2
In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.
Quantum computers are rapidly evolving and are promising significant advantages in domains like machine learning or optimization, to name but a few areas. In this keynote we sketch the underpinnings of quantum computing, show some of the inherent advantages, highlight some application areas, and show how quantum applications are built.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
3. 3
WHAT IS GDPR?
• The EU General Data Protection Regulation (GDPR) is the regulation
2016/679 of the European parliament and of the council, which replaces the
Data Protection Directive 95/46/EC.
• Enforceable from 25th May 2018
4. 4
SIX KEY PRINCIPLES
• Personal data must be processed lawfully, fairly and transparently.
• Personal data can only be collected for specified, explicit and legitimate
purposes.
• Personal data must be adequate, relevant and limited to what is necessary
for processing.
• Personal data must be accurate and kept up to date.
• Personal data must be kept in a form such that the data subject can be
identified only as long as is necessary for processing.
• Personal data must be processed in a manner that ensures its security.
5. 5
WHOSE DATA ARE PROTECTED?
• Individuals based in the EU, wherever in the world their data ends up being
held or used.
• It also applies to anyone else's (even non EU residents) personal data if it is
handled from the EU.
• Not about citizens!
• Time of stay of the user in the EU?
– GDPR does not specifically talk about this.
– Time of data processing (not decisive)
– Time of data collection (decisive)
6. 6
WHICH DATA ARE PROTECTED?
• Processing of any personal data, is protected under GDPR.
7. 7
PERSONAL DATA
• Any information that could be used to identify the data subject is personal
data, and this information can be in any format. This can encompass
photographs, correspondence, physical media and so on.
• One can be identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological,
genetic, mental, economic, cultural or social identity of that natural person.
• The regulation is not applicable to the personal data of a deceased person.
8. 8
PERSONAL DATA (SPECIAL CATEGORIES)
• Personal data revealing racial or ethnic origin, political opinions, religious
or philosophical beliefs, or trade union memberships.
• Data concerning health or an individual’s sex life or sexual orientation, as
well as genetic data and biometric data .
9. 9
WHAT FALLS UNDER PROCESSING?
• Any operation or set of operations that is performed on personal data,
whether or not by automated means.
• Collecting, recording, organizing, structuring, storing and erasing of data.
10. 10
WHAT BUSINESSES WILL GET IMPACTED?
• Any business inside or outside EU, which offers goods and services to data
subjects in EU.
• Any business inside EU which offers goods and services to anyone in the
world.
• Under the European Economic Area (EEA) Agreement, the Regulation
applies throughout the EEA as well as in the 28 Member States of the EU.
• For example an Australian company does not necessarily address its goods
or services to individuals in England or Scotland, just because their website
is available in English.
• To fall under GDPR, any company outside EU, must intend to address
European consumers.
11. 11
DATA CONTROLLER
• The entity which determines the purposes and means of the processing of
personal data.
• These will usually be the ‘public-facing’ entities that data subjects supply
their information to.
• For instance, a hospital might have an online form for entering health
information; even if the online form is provided by a third party, the hospital
(which will determine what the data is processed for) will be the data
controller.
• If the data processing involve high-risk the controller has to carry out a data
protection impact assessment (DPIA) on the impact of the corresponding
processing activities.
12. 12
DATA PROCESSOR
• The entity which processes personal data on behalf of the controller.
• In many cases, the data controller and the data processor will be the same
entity.
• In the previous example, the organisation that provides the online form will
be a data processor because the act of collecting data is included within the
definition of ‘processing’.
• A single data controller may have several data processors.
• Not a third party. A third party is some other party, other than the data
subject, controller or the processor.
13. 13
SUPERVISORY AUTHORITY
• Each member state will have its own supervisory authority.
• Upon request by the supervisory authority, both the controller and the
processor are obliged to demonstrate their compliance with GDPR.
• Accepts complaints from the data subjects.
• Plays a key role during the data protection impact assessment (DPIA),
provides advice to the controller on a case-by-case basis.
• During the DPIA if the controller finds a high risk item, the supervisory
authority needs to be consulted.
• The controller has to notify the supervisory authority in case of a personal
data breach in less than 72 hrs after becoming aware of it.
• The processor does not have an obligation to notify a data breach to the
supervisory authority, but to the controller.
14. 14
DATA PROTECTION OFFICER
• Motivated by the German Data Protection Law - where DPOs have proven to
be successful for more than 30 years.
• Both the controller and processor can have a designated data protection
officer.
• A data protection officer can provide his/her services to multiple data
controllers/processors.
• The data protection officer is the glue between the controller/processor and
the supervisory authority.
• Provides advices to the controller/processor and their employees on data
protection obligations.
15. 15
REPRESENTATIVES BY NON-EU ENTITIES
• Entities do not have an establishment in EU, but still fall under GDPR, have
to appoint a representative in the EU.
• This representative acts as the point of contact between the non-EU
controller/processor and the supervisory authority.
• Does not applicable for the companies which do occasional processing of
personal data, no large scale processing on special categories of personal
data and unlikely to result in a risk to the rights and freedom of individuals.
18. 18
• The data subject must be informed of the existence of any processing
operations on its personal data.
• The controller must provide minimum information on processing to the
data subject.
• During the data collection, the controller has to provide its identity and
contact details
– Also where applicable the contact details of the data protection officer.
• The controller must share the purpose and legal basis for data collection
and processing.
THE RIGHT TO ACCESS / BE INFORMED (1/2)
19. 19
THE RIGHT TO ACCESS / BE INFORMED (2/2)
• The controller must share the details of the recipients of the personal data.
• Need to specify the intention of the controller (if any) to transfer data to a
third country.
• The period for which the personal data is stored.
• The information about the data subject’s rights.
– The right to withdraw a given consent
– The right to lodge a complaint with the supervisory authority
• The controller is obliged to respond to a request by the data subject within 1
month of receipt of the request.
20. 20
THE RIGHT TO RECTIFICATION
• The data subject has the right to rectify processing of incomplete personal
data .
• The right to rectification helps to correct or prevent negative effects on the
rights and freedom of data subjects.
21. 21
THE RIGHT TO ERASURE
• Ground for erasure
– The personal data are no longer necessary in relation to the purpose for
which they were processed.
– The data subject withdraws consent on which the processing is based,
and there is no other legal ground for the processing.
– The personal data has been unlawfully processed
– The personal data has to be erased for compliance with a legal
obligation under EU or EU member state law.
• The data subject has the right to demand from the controller the erasure of
personal data.
22. 22
THE RIGHT TO ERASURE
• Erasing data means, it should not be possible to restore the data without
excessive efforts.
• Examples:
– Search engines which index personal data
– Social networking sites
23. 23
THE RIGHT TO RESTRICTION OF PROCESSING
• Grounds for restriction of processing
– The accuracy of data is contested by the data subject.
– Processing is unlawful, and the data subject opposes the erasure of its
personal data and requests the restriction of their use instead.
– Controller does not require the data for the purpose the data was
collected - but the data subject requires them for defence of legal
claims.
– Data subject objects for data processing
24. 24
THE RIGHT TO DATA PORTABILITY
• Provides the possibility to transmit data subject’s personal data from one
controller to another.
• In this regard, the legislator primarily targeted the operators of social
networks.
• Strengthen the competition among service providers.
• Any data that has been generated by the controller as part of processing,
such as by a personalization or recommendation process is not covered by
the right to data portability.
26. 26
DECOUPLE PERSONAL DATA FROM
TRANSACTIONAL/BUSINESS DATA
• Personal data can be the data provided by the subject or the raw data
provided to the controller by other means.
• Limit the personal data stored under IAM system - and let other business
applications store business specific data.
• For example IAM system should not worry about following data.
– If it’s a bank, the transaction history of the data subject or the credit
history.
– Data related to background checks about employees.
– Performance ratings
– Buying patterns
• Decouple biometrics from other personal data.
27. 27
IMMUTABLE PRIVATE IDENTIFIERS / MUTABLE
PUBLIC IDENTIFIERS
• Use an immutable private identifier (pseudonym) to identify a user.
• Never use personal data in audit logs - rather the pseudonym.
• Capture and record all the analytics against the pseudonym.
28. 28
DECLARE AND GET THE USER CONSENT FOR THE
IAM COOKIE POLICY
• Use cookies only to manage user sessions and identify user preferences.
• Explain the user the usage of cookies - and the options to reset.
• Do not save any data in cookies, even encrypted.
• Do not track the behavior of anonymous users via cookies.
• Upon registration - or during the login process get the user’s consent to the
cookie policy.
29. 29
DECLARE AND GET THE USER CONSENT FOR THE
IAM PRIVACY POLICY
• Explain briefly how personal data are maintained - and the security policy.
• Specify explicitly if personal data are exported to a non-EU country for
processing.
30. 30
PSEUDONYMISED SYSTEM IDENTIFIERS
• Never push IP addresses / device ids to audit logs or analytics systems.
• Create pseudonyms for all system identifiers and maintain a mapping table.
31. 31
COLLECT ONLY THE MINIMAL REQUIRED DATA
• During the user onboarding process collect only the required minimal set of
personal data - with the user consent.
• Do not collect data for the future anticipated use.
• Keep the ability collect more personal data as and when needed.
• Have an expiration policy for each attribute - by default keep no expiry.
32. 32
SHARE PERSONAL DATA WITH USER CONSENT
• Irrespective of the identity federation protocol in use - never share personal
without user consent.
• In non-federation scenarios, when releasing personal data to other
applications via APIs, make sure those applications have recorded the user
consent.
• Let the business applications manage their own consent on how the
personal data are processed at the application level.
• Maintain user consent by attribute by application - with an expiry.
• The IAM system can offload the consent management from each application
- and provide an API to record consent centrally against those.
33. 33
SELF CARE PORTAL
• Provide a portal, where users can login and export their personal data.
– IAM system should only worry about giving an option to export the
personal data it collected from the user.
– IAM system can decide, in addition to the above what other personal
data available to export.
• The portal should provide consent management facility.
– Users can view, update and revoke a consent already provided.
• The portal should have an option execute data subject rights to
– Request to rectify any issues with the personal data.
– Request to restrict processing of personal data.
– Request to delete the account
34. 34
USER OFFBOARDING
• Delete the user personal data.
• Remove the mappings to all pseudonyms to the corresponding user.
• The above will make all the audit logs and analytics anonymous - which is
safe under GDPR.
• Notify all the upstream applications, where the corresponding user’s
personal data already being shared.
35. 35
PRIVACY BY DESIGN ~ PRIVACY BY DEFAULT
• Make sure TLS 1.2 is used to protect all the data in transit with cipher suites
supporting perfect forward secrecy.
• Protect the data at rest for integrity and confidentiality.
• Rely on open standards.
• Follow the best practices defined by Financial APIs working group under
OpenID Foundation to secure APIs.
• Use message level encryption for bearer tokens - while sharing personal
data.
• Follow digital identity guidelines defined in NIST SP 800-63.
• Enable MFA for user login - a must for administrators.
37. 37
ARCHITECTURE CONSIDERATIONS
• Build an architecture to;
– collect data { transaction | analytics }
– control the usage of data { transaction | analytics }
– store and manage the data { transaction | analytics }
38. 38
GATEWAY PATTERN
• Route your incoming and outgoing traffic
through a set of ‘Gateways’
– API Gateway
– B2B Gateway
– File Gateway
– …..
• Enforce quality of services at the Gateway
– Security
– Analytics
– Governance (mainly data and
runtime governance)
39. 39
APIs
• Single source to access the data and
business processes
• Internal and external APIs
• Ability to expose different kind of
APIs
– Business, application and data
– Usage and analytics
40. 40
STANDARDIZE BUSINESS OBJECTS
• Message/event payloads using schemas
• Classify data
• References to look-up data (registry)
• Enforce usage policies
• Include GDPR headers/fields if required (mandate it)
• Annotate (info for pre/post-process of data)
• Version
• Introduce using APIs
42. 42
GOVERNANCE
• Policy bases execution ( not only security policies )
• Workflows
• Observability & surveillance
43. 43
GENERAL (architecture) GUIDELINES
• Iterative architecture
– Segment architecture
• Reuse existing technologies
• Continuous-*
• Use open standards
• Open interoperability
• Event-driven
• Use patterns, templates
more info: https://www.slideshare.net/secret/4rRq0k7fqRkTxs
44. 44
REFERENCE ARCHITECTURE - generic
Analytics
Continuous-*
Security &
Access Management
API / Service discovery
Dev toolsDevops tools
Service router
API Gateway
Core
Microservices
Data
Container(s)
Delivery channels Digital Products
Messaging Channels Integration
MicroservicesExisting Services
Other
Gateways
45. 4545
Continuous-*
Security &
Access Management
API / Service discovery
Dev toolsDevops tools
Service router
API Gateway
Core
Microservices
Data
Container(s)
Delivery channels Digital Products
Messaging Channels Integration
MicroservicesExisting Services
Analytics
Analytics
Analytics
Analytics
Analytics
RUNTIME
47. 47
OPEN TECHNOLOGY http://wso2.com
Build internal and
external developer
ecosystems with an
API marketplace.
Manage identity,
security, and
privacy across
your digital
business.
Make mobile and IoT
devices integral to
your digital business.
Create real-time, intelligent,
actionable business insights
and data products.
Platform enable your digital
business with “micro-services”
and “micro-integrations”.