How do you approach designing systems that must comply with strict user privacy regulations like GDPR at McAfee?