Sundhed.dk's journey from monolith to GDPR-compliant microservices

Tobias Uldall-Espersen and Thomas Krogsgaard Holme explain how they applied microservice architecture and privacy by design principles to break down a monolithic portal containing 50+ productsthe Danish national ehealth portal Sundhed.dkredesign it, and produce a scalable and flexible platform in compliance with the EU General Data Protection Regulation (GDPR).

Privacy by design, a concept developed by Ann Cavoukian, comprises seven foundational principles that help users ensure privacy and gain personal control over their information. Tobias Uldall-Espersen and Thomas Krogsgaard Holme explain how they applied microservice architecture and privacy by design principles to break down a monolithic portal containing 50+ products—the Danish national ehealth portal Sundhed.dk—redesign it, and produce a scalable and flexible platform in compliance with the EU General Data Protection Regulation (GDPR). Tobias and Thomas discuss the change of application focus in recent years, from initial systems built to support healthcare professionals producing, sharing, and using personal data in their work routines all the way to the present, where the GDPR necessitates a focus on clients and their rights to privacy and data protection. You’ll learn how applying microservice architecture principles helped in handling challenges of managing highly confidential distributed data and controlling access to it. By applying principles of domain-driven design and privacy by design, Sundhed.dk succeeded in designing a scalable and flexible platform in compliance with the GDPR that was adopted on April 27, 2016, well before GDPR became enforceable on May 25, 2018. You’ll also walk through the major steps executed in the transformation process, new and existing design patterns developed and applied, and the significant business value produced through the work.