...
IT Services and Legal and Archiving Services are in constant dialogue with each other and work together to
develop the software and systems procurement process to be more efficient and flexible. The procurement
form is also being developed. Above-mentioned units aim to provide smooth service within the framework of
the legislation. Though the obligations are fully binding as it’s required by the law, which means it is not
possible to ignore these steps even in the most urgent cases.
Try to plan your software and system needs as early as possible. This will help to get the tools you need in
time. Completing the procurement process may take some time, but urgent procurement will be prioritized
over the less urgent ones.
...
EU General Data Protection Regulation (GDPR) 2016/679, National Data Protection Act (1050/2018) and
1.1.2020 Act on Information Management in Public Administration obliges the organisation to control the
introduction of newly adopted digital tools (IT systems, electronic services and software’s). Meaning that
digital tools are only permitted in a controlled manner. Therefore, each digital tool must go through a
mandatory risk management process. This process must be documented for each digital tool, so there is
evidence that the process has gone through impact assessment.
In GDPR, the risk management process is called the DPIA or Data Protection Impact Assessment process.
(Article 35). In the Act on Information Management in Public Administration, the same issue is referred to as
change impact assessment (5§).
By the decision of Metropolia's executive board, all computer programs, mobile applications, and IT systems
procurement is centralized in the IT Services to enable Metropolia to comply with the above-mentioned,
statutory risk management process. Read the instructions below on how a new digital tool can be taken into
use at Metropolia.
...