Biography

Research

Journal Articles

• Ki-Aries, D. and Faily, S., 2017. Persona-Centred Information Security Awareness. Computers & security.
  • more information
  • view in BU repository
• Favale, M., McDonald, N., Faily, S. and Gatzidis, C., 2016. Human Aspects of Digital Rights Management: the Perspective of Content Developers. SCRIPTed, 13 (3), 289-304.
  • more information
  • view in BU repository
• Faily, S., Power, D. and Fléchais, I., 2016. Gulfs of Expectation: Eliciting and Verifying Differences in Trust Expectations using Personas. Journal of Trust Management, 3 (4), 1-22.
  • more information
  • view in BU repository
• Faily, S. and Fléchais, I., 2016. Finding and Resolving Security Misusability with Misusability Cases. Requirements Engineering, 21 (2), 209-223.
  • more information
  • view in BU repository
• Iacob, C., Faily, S. and Bell, D., 2015. Special section: software quality for mobile apps. Software Quality Journal, 23 (3), 483-484.
  • more information
• Faily, S., 2015. Engaging Stakeholders during Late Stage Security Design with Assumption Personas. Information and Computer Security, 23 (4), 435-446.
  • more information
  • view in BU repository
• Faily, S. and Flechais, I., 2011. Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework. International Journal of Secure Software Engineering, 2, 1-18.
  • more information
• Faily, S. and Flechais, I., 2010. Designing and Aligning e-Science Security Culture with Design. Information Management & Computer Security, 18.
  • more information
• Faily, S. and Flechais, I., 2010. Towards tool-support for Usable Secure Requirements Engineering with CAIRIS. International Journal of Secure Software Engineering, 1, 56-70.
  • more information

Books

• Faily, S., 2018. Designing Usable and Secure Software with IRIS and CAIRIS. Springer.
  • more information
• Beckers, K., Faily, S., Lee, S.-W. and Mead, N., 2017. Proceedings of the 4th International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2017). IEEE.
  • more information
• Beckers, K., Lee, S.-W. and Mead, N., 2016. Proceedings of the 3rd International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2016). IEEE.
  • more information
• Faily, S., Jiang, N., Dogan, H. and Taylor, J., 2016. Proceedings of the 30th International BCS Human Computer Interaction Conference (HCI 2016). British Computer Society.
  • more information
• Proceedings of the 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2015). IEEE.
  • more information
• Proceedings of the 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2014). IEEE.
  • more information
• Proceedings of the Workshop on Web Applications and Secure Hardware (WASH'13). CEUR-WS.
  • more information
• Proceedings of the BCS HCI 2012 Workshop on Designing Interactive Secure Systems. BCS.
  • more information
• Faily, S., Živny, S., Fogelberg, C., Salamon, A. and Schäfer, M., 2008. Proceedings of the Oxford University Computing Laboratory Student Conference 2008. Oxford University Computing Laboratory.
  • more information
  • view in BU repository

Chapters

• Atzeni, A., Faily, S. and Galloni, R., 2017. Usable Security: HCI-Sec Issues and Motivations. Encyclopedia of Information Science and Technology. IGI Global.
  • more information
  • view in BU repository
• Atzeni, A., Lyle, J. and Faily, S., 2017. Developing secure, unified, multi-device, and multi-domain platforms: A case study from the webinos project. Application Development and Design: Concepts, Methodologies, Tools, and Applications. 539-564.
  • more information
• Faily, S., 2014. Evaluating the Implications of Attack and Security Patterns with Premortems. In: Blackwell, C. and Zhu, H., eds. Cyberpatterns: Unifying Design Patterns with Security and Attack Patterns. Springer.
  • more information
• Atzeni, A., Lyle, J. and Faily, S., 2014. Developing secure, unified multi-device and multi-domain platforms: A case study from the webinos project. Architectures and Protocols for Secure Information Technology. IGI Global, 310-333.
  • more information
• Faily, S., Lyle, J. and Parkin, S., 2012. Tool-support Premortems with Attack and Security Patterns. First International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns. 10-11.
  • more information

Conferences

• M'MANGA, A., Faily, S., McAlaney, J. and Williams, C., 2018. Rationalising Decision Making about Risk: A Normative Approach. In: 12th International Symposium on Human Aspects of Information Security & Assurance 29-31 August 2018 Dundee, UK. University of Plymouth.
  • more information
• Coles, J., Faily, S. and Ki-Aries, D., 2018. Tool-supporting Data Protection Impact Assessments with CAIRIS. In: 5th International Workshop on Evolving Security & Privacy Requirements Engineering 20 August 2018 Banff, Canada.
  • more information
  • view in BU repository
• Ki-Aries, D., Faily, S., Dogan, H. and Williams, C., 2018. Assessing System of Systems Security Risk and Requirements with OASoSIS. In: 5th International Workshop on Evolving Security & Privacy Requirements Engineering 20 August 2018 Banff, Canada.
  • more information
  • view in BU repository
• Ki-Aries, D., Faily, S., Dogan, H. and Williams, C., 2018. System of systems characterisation assisting security risk assessment. 485-492.
  • more information
  • view in BU repository
• M'MANGA, A., Faily, S., McAlaney, J., Williams, C., Kadobayashi, Y. and Miyamoto, D., 2018. Eliciting Persona Characteristics for Risk Based Decision Making. In: 32nd International BCS Human Computer Interaction Conference 2-6 July 2018 Belfast, UK.
  • more information
  • view in BU repository
• M'MANGA, A., Faily, S., McAlaney, J., Kadobayashi, Y. and Miyamoto, D., 2018. Qualitative Adaptation: Informing Design for Risk-based Decision Making. In: 2nd Workshop on the Challenges and Opportunities for Qualitative Data Research Methods in HCI 2-6 July 2018 Belfast, UK.
  • more information
  • view in BU repository
• Iacob, C. and Faily, S., 2018. Redesigning an undergraduate software engineering course for a large cohort. 163-171.
  • more information
  • view in BU repository
• Iacob, C. and Faily, S., 2017. Using Extreme Characters to Teach Requirements Engineering. 107-111.
  • more information
  • view in BU repository
• Faily, S. and Iacob, C., 2017. Design as code: Facilitating collaboration between usability and security engineers using CAIRIS. 76-82.
  • more information
  • view in BU repository
• Ki-Aries, D., Dogan, H., Faily, S., Whittington, P. and Williams, C., 2017. From requirements to operation: Components for risk assessment in a pervasive system of systems. 83-89.
  • more information
  • view in BU repository
• Beckers, K., Faily, S., Lee, S.W. and Mead, N., 2017. Welcome to the fourth international workshop on evolving security and privacy requirements engineering (ESPRE'17). xix.
  • more information
• M'manga, A., Faily, S., McAlaney, J. and Williams, C., 2017. Folk Risk Analysis: Factors Influencing Security Analysts’ Interpretation of Risk. In: 3rd Workshop on Security Information Workers 12-14 July 2017 Santa Clara, USA. Usenix Association.
  • more information
  • view in BU repository
• Ki-Aries, D., Faily, S., Dogan, H. and Williams, C., 2017. Re-framing 'the AMN': A case study eliciting and modelling a System of Systems using the Afghan Mission Network. 103-108.
  • more information
  • view in BU repository
• M'Manga, A., Faily, S., McAlaney, J. and Williams, C., 2017. System design considerations for risk perception. 322-327.
  • more information
  • view in BU repository
• Jane, H.B. and Faily, S., 2017. Applying contextual integrity to open data publishing. 1-7.
  • more information
  • view in BU repository
• Iacob, C., Faily, S. and Harrison, R., 2016. MARAM: Tool support for mobile app review management.
  • more information
  • view in BU repository
• Ki-Aries, D., Faily, S. and Beckers, K., 2016. Persona-Driven Information Security Awareness. In: 30th British HCI Group Annual Conference on People and Computers: Fusion 11-15 July 2016 Bournemouth, UK.
  • more information
  • view in BU repository
• Faily, S., Stergiopoulos, G., Katos, V. and Gritzalis, D., 2016. “Water, water, every where”: Nuances for a water industry critical infrastructure specification exemplar. 243-246.
  • more information
  • view in BU repository
• Iacob, C. and Faily, S., 2016. Improving human-reviews interaction: A study of the role, use, and place of online reviews.
  • more information
  • view in BU repository
• Faily, S., Iacob, C. and Field, S., 2016. Ethical hazards and safeguards in penetration testing.
  • more information
  • view in BU repository
• Faily, S., Gritzalis, D., Lykou, G., Mylonas, A., Partridge, A. and Katos, V., 2016. Human-centered specification exemplars for critical infrastructure environments.
  • more information
  • view in BU repository
• Partridge, A. and Faily, S., 2016. The application of useless Japanese inventions for requirements elicitation in information security.
  • more information
  • view in BU repository
• Ali, R., McAlaney, J., Faily, S., Phalp, K. and Katos, V., 2015. Mitigating circumstances in cybercrime: A position paper. 1972-1976.
  • more information
  • view in BU repository
• Favale, M., McDonald, N., Faily, S. and Gatzidis, C., 2015. Human Aspects in Digital Rights Management: The Perspective of Content Developers​. In: Fourth International Workshop on Artificial Intelligence and IP Law 9 December-9 November 2015 Braga, Portugal.
  • more information
  • view in BU repository
• Vallindras, A. and Faily, S., 2015. The Mystery of Security Design. In: British HCI 2015 15-17 July 2015 Lincoln, UK. ACM.
  • more information
  • view in BU repository
• Faily, S. and Jones, M., 2015. Embedding Professional Practice into the Cybersecurity Curriculum using Ethics. In: 1st UK Workshop on Cybersecurity Training & Education 11 June 2015 Liverpool.
  • more information
  • view in BU repository
• McAlaney, J., Taylor, J. and Faily, S., 2015. The Social Psychology of Cybersecurity. In: 1st International Conference on Cyber Security for Sustainable Society 26-27 February 2015 Coventry. Working Papers of the SSN+.
  • more information
  • view in BU repository
• Faily, S., Lyle, J., Fléchais, I. and Simpson, A., 2015. Usability and Security by Design: A Case Study in Research and Development. In: NDSS Workshop on Usable Security 8 February-8 January 2015 2015.
  • more information
  • view in BU repository
• Faily, S., McAlaney, J. and Iacob, C., 2015. Ethical dilemmas and dimensions in penetration testing. 233-242.
  • more information
  • view in BU repository
• McDonald, N., Faily, S., Favale, M. and Gatzidis, C., 2015. Digital rights management: The four perspectives of developers, distributors, users, and lawyers. 276-285.
  • more information
  • view in BU repository
• Faily, S. and Fléchais, I., 2014. Eliciting and Visualising Trust Expectations using Persona Trust Characteristics and Goal Models. In: 6th International Workshop on Social Software Engineering 17 November-17 August 2014 Hong Kong. ACM.
  • more information
• Faily, S., Lyle, J., Fléchais, I., Atzeni, A., Cameroni, C., Myrhaug, H., Göker, A. and Kleinfeld, R., 2014. Authorisation in Context: Incorporating Context-Sensitivity into an Access Control Framework. In: 28th British HCI Group Annual Conference on People and Computers: Sand, sea and Sky 9-12 September 2014 Southport, UK. British Computer Society.
  • more information
  • view in BU repository
• Faily, S., 2014. Engaging Stakeholders in Security Design: An Assumption-Driven Approach. In: International Symposium on Human Aspects on Information Security & Assurance (HAISA 2014) 8-10 July 2014 Plymouth University.
  • more information
  • view in BU repository
• Faily, S., 2014. Ethical Hacking Assessment as a Vehicle for Undergraduate Cyber-Security Education. In: BCS 19th Annual INSPIRE Conference 15 April 2014 Southampton.
  • more information
  • view in BU repository
• Iacob, C., Harrison, R. and Faily, S., 2013. Online Reviews as First Class Artifacts in Mobile App Development. In: Fifth International Conference on Mobile Computing, Applications and Services 7-8 November 2013 Paris, France. 47-53.
  • more information
• Lyle, J., Faily, S. and Winandy,, M., 2013. The Workshop on Web Applications and Secure Hardware. In: Workshop on Web Applications and Secure Hardware (WASH’13), Co-located with the 6th International Conference on Trust and Trustworthy Computing (TRUST 2013) 20 June 2013 London. CEUR-WS.org.
  • more information
  • view in BU repository
• Faily, S. and Lyle, J., 2013. Security Lessons Learned Building Concept Apps for webinos. In: BCS HCI 2013 Workshops: Human Aspects in Mobile App Engineering 9 September 2013 Brunel University, London.
  • more information
  • view in BU repository
• Su, T., Lyle, J., Atzeni, A., Faily, S., Virji, H., Ntanos, C. and Botsikas, C., 2013. Continuous Integration for Web-Based Software Infrastructures: Lessons Learned on the webinos Project. Springer.
  • more information
• Faily, S., Lyle, J., Flechais, I., Atzeni, A., Cameroni, C., Myrhaug, H., Goker, A. and Kleinfeld, R., 2013. Policies in Context: Factors Influencing the Elicitation and Categorisation of Context-Sensitive Security Policies.
  • more information
• Faily, S., 2013. Security Patterns Considered Harmful? 108-109.
  • more information
• Faily, S. and Lyle, J., 2013. Guidelines for Integrating Personas into Software Engineering Tools. 69-74.
  • more information
• Faily, S., Power, D., Armstrong, P. and Flechais, I., 2013. Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract). 267-268.
  • more information
• Faily, S., Coles-Kemp, L., Dunphy, P., Just, M., Akama, Y. and Luca, A.D., 2013. Designing Interactive Secure Systems: CHI 2013 Special Interest Group. ACM, 2469-2472.
  • more information
  • view in BU repository
• Lyle, J., Nilsson, C., Isberg, A. and Faily, S., 2013. Extending the web to support personal network services. 711-716.
  • more information
• Faily, S., Lyle, J., Namiluko, C., Atzeni, A. and Cameroni, C., 2012. Model-driven architectural risk analysis using architectural and contextualised attack patterns. ACM, 3:1-3:6.
  • more information
• Faily, S., Lyle, J., Paul, A., Atzeni, A., Blomme, D., Desruelle, H. and Bangalore, K., 2012. Requirements Sensemaking using Concept Maps. Springer, 217-232.
  • more information
• Faily, S. and Flechais, I., 2012. Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS. In: BCS HCI 2012 Workshops: Designing Interactive Secure Systems 12-14 September 2012 Birmingham, UK. 3:1-3:4.
  • more information
  • view in BU repository
• Faily, S., Lyle, J. and Parkin, S., 2012. Secure System? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems. In: BCS HCI 2012 Workshops: Designing Interactive Secure Systems 12-14 September 2012 Birmingham, UK. 5:1-5:4.
  • more information
  • view in BU repository
• Lyle, J., Paverd, A., King-Lacroix, J., Atzeni, A., Virji, H., Flechais, I. and Faily, S., 2012. Personal PKI for the smart device era.
  • more information
• Lyle, J., Faily, S., Flechais, I., Paul, A., Goker, A., Myrhaug, H., Desruelle, H. and Martin, A., 2012. On the design and development of webinos: a distributed mobile application middleware. 140-147.
  • more information
• Lyle, J., Monteleone, S., Faily, S., Patti, D. and Ricciato, F., 2012. Cross-platform access control for mobile web applications. 37-44.
  • more information
• Fuhrhop, C., Lyle, J. and Faily, S., 2012. The webinos project. ACM, 259-262.
  • more information
• Faily, S., 2012. Analysing Chindogu: Applying Defamiliarisation to Security Design.
  • more information
• Gionis, G., Desruelle, H., Blomme, D., Lyle, J., Faily, S. and Bassbouss, L., 2011. “Do we know each other or is it just our Devices?”: A Federated Context Model for Describing Social Activity Across Devices.
  • more information
• Faily, S., 2011. Bridging User-Centered Design and Requirements Engineering with GRL and Persona Cases. In: CEUR iStar 2011 5th International i* Workshop 28-29 August 2011 Trento, Italy. 114-119.
  • more information
  • view in BU repository
• Faily, S. and Flechais, I., 2011. Eliciting Usable Security Requirements with Misusability Cases. IEEE Computer Society, 339-340.
  • more information
• Faily, S., 2011. Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism. In: CHI Workshop on HCI, Politics and the City: Engaging with Urban Grassroots Movements for Reflection and Action 7-12 May 2011 Vancouver, BC, Canada.
  • more information
  • view in BU repository
• Faily, S., 2011. Two Requirements for Usable and Secure Software Engineering. In: 1st Software and Usable Security Aligned for Good Engineering (SAUSAGE) Workshop 5-6 April 2011 National Institute of Standards and Technology Gaithersburg, MD USA.
  • more information
  • view in BU repository
• Faily, S. and Flechais, I., 2011. Persona Cases: A Technique for grounding Personas. Vancouver, BC, Canada: ACM, 2267-2270.
  • more information
• Atzeni, A.S., Cameroni, C., Faily, S., Lyle, J. and Flechais, I., 2011. Here's Johnny: A Methodology for Developing Attacker Personas. IEEE, 722-727.
  • more information
• Faily, S. and Flechais, I., 2011. User-Centered Information Security Policy Development in a Post-Stuxnet World. IEEE Computer Society, 716-721.
  • more information
• Faily, S. and Flechais, I., 2010. A Meta-Model for Usable Secure Requirements Engineering. 29-35.
  • more information
• Faily, S. and Flechais, I., 2010. Improving Secure Systems Design with Security Culture.
  • more information
• Faily, S. and Flechais, I., 2010. Analysing and Visualising Security and Usability in IRIS.
  • more information
• Faily, S. and Flechais, I., 2010. Security through Usability: a user-centered approach for balanced security policy requirements.
  • more information
• Flechais, I. and Faily, S., 2010. Security and Usability: Searching for the philosopher’s stone.
  • more information
• Faily, S. and Flechais, I., 2010. The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design. Springer, 111-118.
  • more information
• Faily, S. and Flechais, I., 2010. To boldly go where invention isn’t secure: applying Security Entrepreneurship to secure systems design. New York, NY, USA: ACM, 73-84.
  • more information
• Faily, S. and Flechais, I., 2010. A Model of Security Culture for e-Science. University of Plymouth, 154-164.
  • more information
• Faily, S. and Flechais, I., 2010. Barry is not the weakest link: eliciting secure system requirements with personas. ACM, 124-132.
  • more information
• Faily, S. and Flechais, I., 2009. Context-Sensitive Requirements and Risk Management with IRIS.
  • more information
• Faily, S., 2008. Towards Requirements Engineering Practice for Professional End User Developers: A Case Study. IEEE, 38-44.
  • more information
• Faily, S. and Flechais, I., 2008. Making the invisible visible: a theory of security culture for secure and usable grids.
  • more information
• Faily, S., 2007. Living with Flight Dynamics : Proposals and Possible Pitfalls for Harmonising Flight Dynamics Systems with EGOS.
  • more information

Theses

• Faily, S., 2011. A framework for usable and secure system design. PhD Thesis.
  • more information

Software

• Faily, S., 2009. CAIRIS.
  • more information

Others

• Faily, S., 2009. Context Matters: designing security for contexts of use. Unpublished.
  • more information

PhD Students

• Jane Henriksen-Bulmer. A Framework for Public Bodies for Managing the Secure and Appropriate Release of Open Source Data
• Andrew M'Manga. Designing Systems for Risk-based Decision Making and Assurance
• Duncan Ki-Aries. Risk Assessment for Complex Systems of Systems
• Mohammad Naiseh. Designing Self-Adaptive Electronic Prescription Service (EPS) for Improved User Experience for Repeat Prescriptions
• Amna Altaf. Integrating Safety, Security, and Human Factors Engineering

Profile of Teaching PG

• Security by Design (Level 7)

Profile of Teaching UG

• Ethical Hacking and Countermeasures (Level 5)
• Security by Design (Level 6)

Invited Lectures

• Bringing Security, Usability, and Software Engineering together with Personas. Oxford Brookes University. 2013.
• HCI-Security: An Overview. Cranfield University. April 2014.

Grants

• HuaHana: Phase 3 (Innovate UK, 06 Sep 2018). In Progress
• Integrating Safety, Security, and Human Factors Engineering (Ricardo, 03 Sep 2018). Awarded
• HuaHana: Phase 2 (Innovate UK, 09 May 2018). Completed
• Data Protection Impact Assessment of StreetScene (Bournemouth University, 13 Feb 2018). Completed
• HuaHana:a productivity platform for usable and secure software design (Innovate UK, 01 Feb 2018). Completed
• Commercialisation of CAIRIS (DCMS / SETsquared, 27 Jan 2017). Completed
• Bournemouth-Athens Network in Critical Infrastructure Security (BANCIS) (BU Fusion Investment Fund, 01 Sep 2016). Completed
• Risk Assessment for Complex Systems of Systems (Defence Science and Technology Laboratory, 01 Sep 2016). In Progress
• Designing Systems for Risk-Based Decision Making and Assurance (Defence Science and Technology Laboratory, 09 Dec 2015). In Progress
• Bournemouth University Computer Human Interaction (BUCHI) (BU Fusion Investment Fund, 01 Mar 2015). Completed
• Making sense of DRM in game development (Madrigal) (Bournemouth University - Fusion Investment Fund, 01 Feb 2015). Completed
• Bournemouth European Network In Cyber Security (BENICS) (BU Fusion Investment Fund, 01 Mar 2014). Completed
• Evaluating the Usability, Security, and Trustworthiness of Ad-hoc Collaborative Environments (EUSTACE) (EPSRC, 30 May 2012). Completed

External Responsibilities

• European Intelligence and Security Informatics Conference (EISIC) 2015, Programme Committee (2015-)
• IEEE Joint Intelligence and Security Informatics Conference (JISIC), Programme Committee (2014-)
• 1st International Workshop on Evolving Security & Privacy Requirements Engineering, Organising Co-Chair (2014-), http://espre2014.org/
• International Conference on Trust & Trustworthy Computing (Socio-economics Strand, Programme Committee (2013-)
• Second International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack, and Forensic Patterns, Programme Committee (2013-)
• European Intelligence and Security Informatics Conference, Programme Committee (2013-)
• Human Aspects in Mobile App Engineering: Workshop at British HCI 2013, Workshop Co-Chair (2013-)
• Workshop on Web Applications and Secure Hardware (Co-located with Trust 2013), Workshop Co-Chair (2013-)
• Designing Interactive Secure Systems SIG at ACM Conference on Human Factors in Computer System, Organiser (2013-)
• 6th International Conference on Trust & Trustworthy Computing, Publicity Co-Chair (2013-)
• Designing Interactive Secure Systems: Workshop at British HCI 2012, Workshop Co-Chair (2012-)
• ACM SIGCHI Symposium on Engineering Interactive Computing Systems, Reviewer (2011-2012)
• BCS Conference on Human-Computer Interaction, Reviewer (2011-2014)
• ACM Conference on Human Factors in Computer Systems, Reviewer (2010-2016)
• Journal of Systems and Software (Elsevier), Reviewer
• Pervasive and Mobile Computing (Elsevier), Reviewer
• Behaviour & Information Technology (Taylor & Francis), Reviewer
• International Journal of Secure Software Engineering (IGI Global), Reviewer
• Computers & Security (Elsevier), Reviewer

Internal Responsibilities

• Co-ordinator, BU Cyber Security Research Group

Conference Presentations

• First International Conference on Cyber Security for Sustainable Society 2015, The Social Psychology of Cybersecurity, 26 Feb 2015, Coventry

Qualifications

• DPhil in Computer Science (University of Oxford, 2011)
• BSc (Hons) in Business Computing Systems (City University, 1998)
• Postgraduate Certificate in Software Engineering (University of Oxford, 2008)
• PG Cert in Education Practice (Bournemouth University, 2015)

Memberships

• ACM, Member,
• Association for Computing Machinery, Member,
• British Computer Society, Member,
• Higher Education Academy, Fellow,

External Media and Press

• Small charities face bankruptcy for not complying with GDPR, but put clients at risk if they do, The Conversation, 21 May 2018. https://theconversation.com/small-charities-face-bankruptcy-for-not-complying-with-gdpr-but-put-clients-at-risk-if-they-do-95463