Engineering the Future of Software
29–31 Oct 2018: Tutorials & Conference
31 Oct–1 Nov 2018: Training
London, UK's Journey From Monolith to GDPR-Compliant Microservices

Tobias Uldall-Espersen (, Thomas Krogsgaard Holme (
15:5016:40 Tuesday, 30 October 2018
Application architecture, Microservices, Security
Location: Blenheim Room - Palace Suite Level: Intermediate
Secondary topics:  Case Study, Hands-on

Who is this presentation for?

People interested in Microservice Architecture and Privacy by Design (GDPR)

Prerequisite knowledge

Interest/Basic knowledge about Domain Driven Design, Microservices and Privacy concerns

What you'll learn

Ideas for developing microservice systems with great privacy based on ongoing industrial work. Suggested Design Patterns for enhancing privacy in a microservice architecture supporting GDPR compliance.


The proposed presentation will describe how the Danish national e-health portal in 2016 initiated the redesign and transformation of a monolithic portal containing 50+ products to a microservice architecture.

The presentation will describe the change of application focus in recent years: starting with systems build to support health care professionals producing, sharing and using personal data in their work routines all the way up to now, where the EU General Data Protection Regulation (GDPR) turns focus to the clients and their rights to privacy and data protection.

The presentation will describe how applying microservice architecture principles helped handling challenges of managing highly confidential distributed data and controlling access to it. By applying principles of Domain Driven Design and Privacy by Design, succeeded in designing a scalable and flexible platform in compliance with the GDPR which was adopted on 27 April 2016 and becomes enforceable from 25 May 2018.

The presentation will include a thorough presentation of major steps executed in the transformation process, new and existing design patterns developed and applied, and a discussion of significant business values produced through the work.

Privacy by Design is concept developed by Ann Cavoukian suggesting 7 foundational principles helping to ensure privacy and gaining personal control over one’s information. From these principles a number of strategies and design patterns has been developed (cf. Privacy and Data Protection by Design: which we have further elaborated on and applied in an industial context.

Photo of Tobias Uldall-Espersen

Tobias Uldall-Espersen

Tobias Uldall-Espersen holds a PhD in Computer Science from University of Copenhagen and he has been working with various kinds of IT-systems development for about 25 years. Furthermore he has been teaching systems development, IT-Security, XML and software programming for a number of years.

Currently he is employed as IT architect at the national Danish e-health portal, where he has taken part in redesigning an old monolithic application to a microservice based application, and at the same time implementing various Privacy by Design strategies in order to achieve compliance with the General Data Protection Regulation (GDPR).

Photo of Thomas Krogsgaard Holme

Thomas Krogsgaard Holme

Thomas Holme is an engineer from The Technical University of Denmark (DTU) with over 25 years of experience in development and system design. He has worked with SCADA systems and concurrent designs for more than 10 years before starting at

Thomas has been with for 8 years, where he has been the initiator behind the deconstruction of the old monolithic application.

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)