Engineering the Future of Software
29–31 Oct 2018: Tutorials & Conference
31 Oct–1 Nov 2018: Training
London, UK's journey from monolith to GDPR-compliant microservices

Tobias Uldall-Espersen (, Thomas Krogsgaard Holme (
15:5016:40 Tuesday, 30 October 2018
Application architecture, Microservices, Security
Location: Blenheim Room - Palace Suite
Secondary topics:  Case Study, Hands-on
Average rating: ****.
(4.00, 1 rating)

Prerequisite knowledge

  • A basic understanding of domain-driven design, microservices, and privacy concerns

What you'll learn

  • Learn how to develop microservice systems with great privacy, based on ongoing industrial work
  • Explore design patterns for enhancing privacy in a microservice architecture that supports GDPR compliance


Privacy by design, a concept developed by Ann Cavoukian, comprises seven foundational principles that help users ensure privacy and gain personal control over their information.

Tobias Uldall-Espersen and Thomas Krogsgaard Holme explain how they applied microservice architecture and privacy by design principles to break down a monolithic portal containing 50+ products—the Danish national ehealth portal—redesign it, and produce a scalable and flexible platform in compliance with the EU General Data Protection Regulation (GDPR). Tobias and Thomas discuss the change of application focus in recent years, from initial systems built to support healthcare professionals producing, sharing, and using personal data in their work routines all the way to the present, where the GDPR necessitates a focus on clients and their rights to privacy and data protection.

You’ll learn how applying microservice architecture principles helped in handling challenges of managing highly confidential distributed data and controlling access to it. By applying principles of domain-driven design and privacy by design, succeeded in designing a scalable and flexible platform in compliance with the GDPR that was adopted on April 27, 2016, well before GDPR became enforceable on May 25, 2018. You’ll also walk through the major steps executed in the transformation process, new and existing design patterns developed and applied, and the significant business value produced through the work.

Photo of Tobias Uldall-Espersen

Tobias Uldall-Espersen

Tobias Uldall-Espersen is an IT architect at the national Danish ehealth portal, where he has taken part in redesigning an old monolithic application to a microservice-based application and implementing various privacy by design strategies in order to achieve compliance with the EU’s General Data Protection Regulation (GDPR). He has worked with various kinds of IT systems development for about 25 years and has taught systems development, IT security, XML, and software programming for a number of years. Tobias holds a PhD in computer science from the University of Copenhagen.

Photo of Thomas Krogsgaard Holme

Thomas Krogsgaard Holme

Thomas Holme is an IT architect at, where he has been the initiator behind the deconstruction of the old monolithic application. An engineer with over 25 years of experience in development and system design, Thomas worked with SCADA systems and concurrent designs for more than 10 years before starting at He holds a degree from the Technical University of Denmark (DTU).

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)