The latest developments in the IT world have changed the way we develop software applications, making us rethink our architecture strategies in order to address the changes in business, functional, and non-functional requirements.
The reality is that the business world no longer has any great interest in IT operations and the associated costs for maintaining it. Did it really ever have such an interest? The focus of a business organization’s interest is on generating customer value and not on maintaining an IT department, which is viewed as a financial drag.
The business-functional requirements have evolved beyond that of the typical store, retrieve and transaction applications. Customer demand is on guidance and vision provisioning in a coordinated ecosystem supported by an evolutionary architecture platform that is data intelligent.
The non-functional requirements have changed as well: the units of data processing are now GBs and TBs, storage has increased to petabytes, the world's storage capacity is measured in exabytes, and global Internet traffic in zettabytes. This has changed the way we optimize for performance. An algorithm's order of magnitude has become only one part of the optimization strategy, and new architecture strategies have been envisioned that address the problem through how applications are designed, integrated, and deployed to maximize the use of computational resources.
The new and currently evolving cloud architecture pressures applications to be small, independent and scalable. The actual use cases are also evolving. Their evolution not only changes the applications themselves; it also integrates existing applications or creates new ones that build new functionality on top of the existing ones.
The multitude of applications, their data, the data shared between them, the cultural and political aspects of the teams who implement them, and the new intelligent functionalities together create a multitude of challenges for real DPP compliance.
Technical Challenges (Partition)
One of the greatest hurdles to DPP compliance for applications is the costly change required in the data model and application logic. This all comes at the cost of processing, which might impact performance, and apart from compliance it does not add any business value to the application whatsoever.
When considering business integration scenarios, there is the added problem of possible data sharing, replication or composition, where data from one application is input for data in another application, which is a typical situation in the cloud.
The extra challenge in data-sharing scenarios is that the DPP compliance data does not travel along with the shared data, and even if it could, its structure and model would be different and could not be properly interpreted by other systems. The question that arises is this: when an application must block or delete a data subject's personal data, how will it account for data that has been shared with other systems?
Furthermore, if the existing legal grounds allow an application to process a data subject's personal data, it does not necessarily follow that another application can also process this data unless the purposes of processing by both are the same. That would clearly point to duplication of DPP configuration in both applications, and hence to unnecessary effort expended to generate and manage DPP configurations.
DPP compliance in business integration scenarios brings about problems whose viable solutions involve actual architectural effort, from the applications themselves to the platform and landscape where they operate, and any and all elements which are used to share, replicate, store, process and transform data.
Governance Challenges (Build the Bridge)
An integration scenario brings with it governance challenges that are aggravated when the applications pre-exist the integration and are productive. The culture of the development and management teams plays a role here, as do the customers and end users, as with acquisitions or integration between systems created by different companies.
These challenges arise because at some level a DPP integration agreement must be made by all involved parties, and it requires an alignment of purpose of processing, residence and retention periods, blocking, deletion and ownership of data.
Even though the challenge can be resolved by development or through operational procedures, there must be a responsible governing entity that ensures that, irrespective of how the compliance is reached and agreed, it is maintained through the evolution of the applications and the integration scenarios.
Evolution (Meet the Challenge)
How to address these challenges will be covered in the next blog posts. Stay tuned!