Engineering the Future of Software
29–31 Oct 2018: Tutorials & Conference
31 Oct–1 Nov 2018: Training
London, UK

Sundhed.dk's journey from monolith to GDPR-compliant microservices

Tobias Uldall-Espersen (Sundhed.dk), Thomas Krogsgaard Holme (Sundhed.dk )
15:5016:40 Tuesday, 30 October 2018
Application architecture, Microservices, Security
 Location: Blenheim Room - Palace Suite
Secondary topics:  Case Study, Hands-on
Average rating: ***..
(3.17, 6 ratings)
Download slides (PDF)

Prerequisite knowledge

  • A basic understanding of domain-driven design, microservices, and privacy concerns

What you'll learn

  • Learn how to develop microservice systems with great privacy, based on ongoing industrial work
  • Explore design patterns for enhancing privacy in a microservice architecture that supports GDPR compliance

Description

Privacy by design, a concept developed by Ann Cavoukian, comprises seven foundational principles that help users ensure privacy and gain personal control over their information.

Tobias Uldall-Espersen and Thomas Krogsgaard Holme explain how they applied microservice architecture and privacy by design principles to break down a monolithic portal containing 50+ products—the Danish national ehealth portal Sundhed.dk—redesign it, and produce a scalable and flexible platform in compliance with the EU General Data Protection Regulation (GDPR). Tobias and Thomas discuss the change of application focus in recent years, from initial systems built to support healthcare professionals producing, sharing, and using personal data in their work routines all the way to the present, where the GDPR necessitates a focus on clients and their rights to privacy and data protection.

You’ll learn how applying microservice architecture principles helped in handling challenges of managing highly confidential distributed data and controlling access to it. By applying principles of domain-driven design and privacy by design, Sundhed.dk succeeded in designing a scalable and flexible platform in compliance with the GDPR that was adopted on April 27, 2016, well before GDPR became enforceable on May 25, 2018. You’ll also walk through the major steps executed in the transformation process, new and existing design patterns developed and applied, and the significant business value produced through the work.

Photo of Tobias Uldall-Espersen

Tobias Uldall-Espersen

Sundhed.dk

Tobias Uldall-Espersen is an IT architect at the national Danish ehealth portal Sundhed.dk, where he has taken part in redesigning an old monolithic application to a microservice-based application and implementing various privacy by design strategies in order to achieve compliance with the EU’s General Data Protection Regulation (GDPR). He has worked with various kinds of IT systems development for about 25 years and has taught systems development, IT security, XML, and software programming for a number of years. Tobias holds a PhD in computer science from the University of Copenhagen.

Thomas Krogsgaard Holme

Sundhed.dk

Nut(-cracking), problemsolving, optimistic, curious and ever-learning system constructor.

I do engineering, development, architecture and whatever it takes to get it done.