All software and system procurements go through IT Services
- If you need new computer software, mobile application, or IT system in Metropolia, fill in the procurement form at https://hankintalomake.metropolia.fi -> Ohjelmistot ja järjestelmät.
- If any personal information is handled in the computer software, mobile application, or IT system, you need to fill out DPIA-form. Familiarise yourself with the DPIA-guidelines in OMA. (link: https://oma.metropolia.fi/gdpr-ja-tietosuoja/tunnista-dpia) and fill out DPIA-form (link: https://elomake.metropolia.fi/tunnistaudu.php?lomake_id=25145).
- Based on the decision of the Metropolias executive board, any type of computer programs, mobile applications, or IT systems (even free ones) shall not be used without going through previously mentioned process.
(Unfortunately some links and forms are only in Finnish)
1. What do I need to do if I need new software or system for Metropolia?
- Check the process diagram and instructions on the IT Services website (link:https://wiki.metropolia.fi/pages/viewpage.action?pageId=169024187) (only visible to logged-in users).
- Open the procurement form at https://hankintalomake.metropolia.fi
- Click Ohjelmistot ja järjestelmät (Software and Systems).
- Login with your Metropolia username and fill out the form.
- Familiarise yourself with the DPIA-guidelines (link: https://oma.metropolia.fi/gdpr-ja-tietosuoja/tunnista-dpia)
- If the digital tool processes any personal information, please complete the DPIA form (link: https://elomake.metropolia.fi/tunnistaudu.php?lomake_id=25145)
This motion affects all Metropolia's units and projects. Therefore, nobody can independently acquire digital product tools (computer programs, mobile applications, and IT systems) without complying with the above process, regardless of the size of the acquisition: The obligation applies to all digital tools even when installed to a single computer or mobile device to organization-wide systems.
2. Anticipate purchases
IT Services and Legal and Archiving Services are in constant dialogue with each other and work together to develop the software and systems procurement process to be more efficient and flexible. The procurement form is also being developed. Above-mentioned units aim to provide smooth service within the framework of the legislation. Though the obligations are fully binding as it’s required by the law, which means it is not possible to ignore these steps even in the most urgent cases.
Try to plan your software and system needs as early as possible. This will help to get the tools you need in time. Completing the procurement process may take some time, but urgent procurement will be prioritized over the less urgent ones.
3. The statutory risk management process
EU General Data Protection Regulation (GDPR) 2016/679, National Data Protection Act (1050/2018) and 1.1.2020 Act on Information Management in Public Administration obliges the organisation to control the introduction of newly adopted digital tools (IT systems, electronic services and software’s). Meaning that digital tools are only permitted in a controlled manner. Therefore, each digital tool must go through a mandatory risk management process. This process must be documented for each digital tool, so there is evidence that the process has gone through impact assessment.
In GDPR, the risk management process is called the DPIA or Data Protection Impact Assessment process. (Article 35). In the Act on Information Management in Public Administration, the same issue is referred to as change impact assessment (5§).
By the decision of Metropolia's executive board, all computer programs, mobile applications, and IT systems procurement is centralized in the IT Services to enable Metropolia to comply with the above-mentioned, statutory risk management process. Read the instructions below on how a new digital tool can be taken into use at Metropolia.
Data Protection Officer Tuulia Aarnio, Legal and Archiving Services
- Data protection legislation
Telephone. 040 844 0690
- Inquire about the progress of your procurement
- Inform about digital tools that are already in use at Metropolia
- Give more information about the procurement process and
- Give assistance in completing the procurement form.