Achieving GDPR Compliance in Heraklion, Crete

The city of Heraklion, capital of the Greek island of Crete, is many things – it’s a tourist attraction, a port and ferry dock, and a smart city. In fact, Heraklion was recognized as one of the world’s 21 smartest communities in 2014 and even has a technological university. As a tech-driven city, the Municipality of Heraklion decided to build a web portal for more than 6,000 users and a case management system for 700 employees. Also in this plan was the creation of an email system based on Postfix and Horde, mobile applications for the convenience of both citizens and employees, an e-payment gateway, and several WordPress sites for affiliated organizations of the municipality.

Solution Requirements

The IT infrastructure of the Municipality has multiple applications and users. And both ITDT and the Municipality wanted to create unique user profiles (and avoid duplications), a single-sign-on process for users, provide authentication mechanisms and very importantly, achieve GDPR compliance. A team comprising of the University of Crete, the National Technical University of Athens (NTUA), and ITDT Solutions (a company based in Cyprus working with a range of customers in Cyprus and the Balkans) worked with the Municipality of Heraklion to achieve these ambitious goals.

The new solution had a list of proposed items for successful project completion. The starting point for this project was the creation of a new LDAP infrastructure based on OpenLDAP (the LDAP infrastructure which existed at the time needed upgrading). User migration had to occur from the web portal’s database and other applications. Identity management is a huge requirement and the team used WSO2 Identity Server and the national identity provider for advanced security services. And the final important item was the migration of applications to SAML2 and OAuth2.

GDPR Compliance Made Easy

GDPR compliance and its importance led the project team to WSO2 Identity Server, which as an identity solutions provider, is GDPR ready. This meant that ITDT and the rest of the team did not have to do much to become GDPR compliant by themselves. ITDT created a single user store for convenience which simplified the process (the other option was to become compliant for each and every user store and application). The self-care user portal of WSO2 Identity Server plays a crucial role in GDPR compliance since it functions as a medium for users to exercise their individual rights as defined by GDPR for data managed and retained by WSO2 Identity Server. This self-care portal allows users to access and rectify any information about themselves at any point of time. Users can also request portal administrators to delete their entire user account if needed. It also enables users to revoke consent and exercise their right to be forgotten, in addition to providing them with a portal format of storing data, the right to pause/ restrict data processing, and of course, transparency on how their data will be processed.

WSO2 Identity Server comes with other perks as well. For one, it enabled ITDT and team to build a central identity so they migrated all their user stores to the central LDAP infrastructure by the project’s end. Secondly, WSO2 supported various inbound authentication mechanisms (SAML, OAuth, JWT, etc). Lastly (and best of all) is that WSO2 Identity Server is open source. This project did not have the most generous budget, and the Municipality of Heraklion needed a solution that did not have extra licensing costs attached to it. WSO2 Identity Server has an Apache 2.0 license, thereby giving the team heading this project the freedom to use this solution.

Benefits and Expansion

Apart from creating a robust solution to achieve GDPR compliance, ITDT has been able to create unique user experiences and reduce development costs for the Municipality. A digital transformation project of this nature (or indeed any such project), naturally provides insights to the team leading it by the project’s end. What ITDT learnt was that the migration of user stores is harder than they had initially anticipated as it required a lot of manpower. The team also learnt that WSO2 Identity Server is an ideal platform for creating custom solutions whilst keeping the core solution unchanged. Given the success of this project, the next step involves expansion – to other applications in Heraklion city and to other municipalities in Crete. Data exchange between municipalities and universities in Crete, and creating loyalty schemes between public and private bodies are other areas of interest. Identity management will continue to play a central role in all these plans.

Watch this presentation to learn more.

WSO2 Identity Server can be used for a host of identity management requirements, check it out here.

This article helps you understand how WSO2 Identity Server helps you achieve GDPR compliance.

Women in Open Source Tech Roundup: March 2019

Diversity. Inclusion. Challenging misconceptions. Gender equality. These are the topics in the tech industry that are being increasingly examined by organizations who are stepping up to change the percentage of women in the industry — offering them education, training, and mentoring opportunities. Globally, it is estimated that only 17% of technology jobs are occupied by women and of those, only 5% of women occupy leadership roles. A geographical breakdown of the number of women in leadership roles in the tech industry shows this, as North America accounts for 18.1%, Latin America for 13.4%, Africa and Europe for 11.2%, and Asia for 11.5%.

The numbers could look bleak (or encouraging, depends how you look at it), but the stories are always thought-provoking, warm, and inspirational. At WSO2, our story of inclusion is one we want to share. This March, we launched a video campaign starring the women at WSO2 who develop our open source products. Open source in general has a diversity problem yet interestingly, 33% of employees at WSO2 are women. When we say we’re open to integration, we mean it literally and figuratively. That means we want to create a workplace culture which strives for inclusion – be it hiring new team members from different parts of the world or hiring even more exceptional female candidates and giving them the same opportunities as their male counterparts.

We introduced some of these fantastic individuals in our teaser trailer.

This blog gives you the chance to get to know them better.

Seshika Fernando

We kicked off our campaign by featuring Seshika, who is the head of financial solutions at WSO2. Seshika’s had a versatile career so far – started in software engineering, before deciding to try something different – business analysis in the banking industry. She then returned to the tech industry (citing boredom). For Seshika, everything hinges on ability and capability. Her belief is that the company she works for must align with her personal values.

Sherene Mahanama

Sherene started her career as a technical writer at the age of 19. She didn’t necessarily plan on becoming a technical writer – rather, it was something that she came across due to her interest in writing and technology. At present, she works in identity and access management, and is very interested in GDPR and adaptive authentication (topics she even blogs about). Sherene thinks that we must all fight to maintain the highest standard of quality in our work and doesn’t believe that cultural misconceptions should discourage girls from exploring career paths that they want to pursue.

Some interesting facts about Sherene…

  • Pet peeve: Fake rumors
  • Childhood ambition: To become an FBI agent
  • If she weren’t a technical writer, she’d be a food taster!

Sithumini Senevirathne

Sithumini was very interested in learning more about programming and software development. So she started learning programming by herself, became a Sun Certified Java programmer, and developed a set of software. All this before she even began attending university! Sithumini thinks we must all establish a personal brand and collaborate to succeed. She advises women in particular to view their colleagues as potential collaborators (rather than competition) and work towards achieving a common goal.

Some interesting facts about Sithumini…

  • Pet peeve: People who spend more time on their phone during dinner or lunch than they do interacting with the people present at the table!
  • Childhood ambition: To become a news presenter
  • If she weren’t a software engineer, she’d be a university lecturer.

Natasha Wijesekare

This is Natasha’s first job. Natasha doesn’t think coding is easy – so she starts her day with a list of to do’s and if she’s managed to complete all of them, she’s satisfied. If she surpasses her daily list, then she’s absolutely ecstatic! Notwithstanding challenges, Natasha loves what she does. One of her favorite projects is Ballerina, a programming language, and she values the learning opportunities provided by this experience.

Some interesting facts about Natasha…

  • Pet peeve: People who talk over you when you’re clearly still in the middle of the sentence!
  • Childhood ambition: To become a scientist
  • If she weren’t a software engineer, she’d be a lecturer.

That’s it for March. Expect to see more stories in April on our Twitter and LinkedIn accounts.

We’re also keen to hear from women who work in open source technology all over the world and feature them in our campaign. Know anyone who has an awesome experience to share with us? Or perhaps you’re interested in being featured yourself (don’t be shy!)? Get in touch with me (vichitra@wso2.com) and Ishara (isharan@wso2.com) to start a conversation on how you can play the starring role in one of our videos or blogs!

***

And before we call it a wrap, great projects happen because of great team members. Shout out to Ishara and Vidyas, without whom the Women in Open Source Tech campaign wouldn’t have been possible.