Summary

(Unfortunately some links and forms are only in Finnish)


1. What do I need to do if I need new software or system for Metropolia?

  1. Check the process diagram and instructions on the IT Services website (link:
    https://wiki.metropolia.fi/pages/viewpage.action?pageId=169024187) (only visible to logged-in users).
  2. Open the procurement form at https://hankintalomake.metropolia.fi
  3. Click Ohjelmistot ja järjestelmät (Software and Systems).
  4. Login with your Metropolia username and fill out the form.
  5. Familiarise yourself with the DPIA-guidelines (link: https://oma.metropolia.fi/gdpr-ja-tietosuoja/tunnista-dpia)
  6. If the digital tool processes any personal information, please complete the DPIA form (link: https://elomake.metropolia.fi/tunnistaudu.php?lomake_id=25145)


This motion affects all Metropolia's units and projects. Therefore, nobody can independently acquire digital product tools (computer programs, mobile applications, and IT systems) without complying with the above process, regardless of the size of the acquisition: The obligation applies to all digital tools even when installed to a single computer or mobile device to organization-wide systems.

2. Anticipate purchases

IT Services and Legal and Archiving Services are in constant dialogue with each other and work together to develop the software and systems procurement process to be more efficient and flexible. The procurement form is also being developed. Above-mentioned units aim to provide smooth service within the framework of the legislation. Though the obligations are fully binding as it’s required by the law, which means it is not possible to ignore these steps even in the most urgent cases.

Try to plan your software and system needs as early as possible. This will help to get the tools you need in time. Completing the procurement process may take some time, but urgent procurement will be prioritized over the less urgent ones.

3. The statutory risk management process


EU General Data Protection Regulation (GDPR) 2016/679, National Data Protection Act (1050/2018) and 1.1.2020 Act on Information Management in Public Administration obliges the organisation to control the introduction of newly adopted digital tools (IT systems, electronic services and software’s). Meaning that digital tools are only permitted in a controlled manner. Therefore, each digital tool must go through a mandatory risk management process. This process must be documented for each digital tool, so there is evidence that the process has gone through impact assessment.

In GDPR, the risk management process is called the DPIA or Data Protection Impact Assessment process. (Article 35). In the Act on Information Management in Public Administration, the same issue is referred to as change impact assessment (5§).

By the decision of Metropolia's executive board, all computer programs, mobile applications, and IT systems procurement is centralized in the IT Services to enable Metropolia to comply with the above-mentioned, statutory risk management process. Read the instructions below on how a new digital tool can be taken into use at Metropolia.


Additional information


Data Protection Officer Tuulia Aarnio, Legal and Archiving Services


dpo@metropolia.fi
Telephone. 040 844 0690


Helpdesk can:


Telephone services: 09 7424 6777
Service requests: https://hd.metropolia.fi or helpdesk@metropolia.fi


Kaikki ohjelmisto- ja järjestelmähankinnat tietohallintopalveluiden kautta