DHIS 2 hosting now available with Bluesquare


(Martin Van Aken) #1

Hi!

I’m Martin, I’m Bluesquare’s CTO.

We are pleased to announce that we are taking our hosting services for your DHIS 2 instances to the next level. Based on our experience over the last six years hosting over 20 unique instances for our partners and clients around the globe, we are happy to bring this service to the DHIS 2 community.

Beyond supporting pure hosting we are also able to help you make the most of your DHIS 2 instance. This includes mobile data collection, data visualisation, interoperability between DHIS 2 instances, trainings and more.

Whether you’re new to DHIS 2 and looking to launch your data platform and better understand how it can support your program, or an old hand looking for ad hoc support, our team of experts is happy to lend a hand.

If you have any questions or are interested, don’t hesitate to reach out to me at mvanaken@bluesquarehub.com.

Martin


(Ibrahim Wickama) #2

Thanks Martin, that’s a nice thing you are doing there…


(Martin Van Aken) #3

Thanks Ibrahim - looking forward to working with you and the UDSM team again!


(Stanley Kalyati) #4

The email provided is not reachable


(Martin Van Aken) #5

Hi Stanley. My apologies. Thanks for notifying me, I’ll check immediately - which email are you referring to (in the post or on our website)?

In the meantime don’t hesitate to reach out to me directly at mvanaken@bluesquarehub.com

Martin


(Sara Gaudon) #6

Congratulations Martin, to you and your team.
On the hosting services web page, you note “all our hosting is located in the EU territory. This means GDPR rules apply.” Do the listed fees include the controller-processor agreements, access to audits, etc. that we could share with clients to prove the hosting portion (of a DHIS2 implementation) is GDPR compliant? Thank you kindly,
Sara


(Martin Van Aken) #7

Hi Sara,
Thanks for the questions and interest. The topic is broad, so to paint a big picture: GDPR rules apply to us (Bluesquare) in any case (we are an EU-based company) as data processors.

After that, there are a lot of different possible cases depending on the controller situation (which is normally our customer) - notably the “lawful basis for data collection” can exist in a lot of cases - so there is not a single flavour of processor/controller agreement.

Our general approach is to ask the customer about whether they did their diligence (regarding individual data - aggregated data is generally not a problem there). Some of the GDPR rules may not apply if the customer is for example a non-EU government (a ministry of health does not have to ask for consent to collect data about its own population for example, a health program may have the proper agreement from the country, etc) - we’ll raise the concern anyway as we think the conversation is useful.

We actually think the GDPR principles are good regardless of whether you have to comply or not (limit personal data collection, anonymize when you can, don’t reuse personal data for a different reason than it was collected for initially, etc).

On our side, we’re “just” the processor which means that our rule is pretty simple - we host the data, we don’t own it, so we obviously don’t do anything with it outside of what our customer requires or what our hosting job requires (example again: I have to have access to the database in order to maintain it, but I won’t look at anything specific except if this is required to provide you support - and in this case I’ll ask).

To answer specifically - we’re using all DHIS2 audits that are available (and with the “metadata audit” feature available since 2.29, you can track both data and metadata audit). Some aspects may still be tricky (example: deleting some specific person’s data requires, for now, going to the database, which is inconvenient) but we don’t see anything blocking for the usage in a GDPR context.

I hope this answers part of your questions - we’re quite happy to discuss further and share our learning/understanding about GDPR compliance. I’ll check with my more legal oriented colleagues if there are aspects we can share publicly, but don’t hesitate to contact me back here or via email if you want to pursue the exchange.

Martin


(Sara Gaudon) #8

Thank you Martin for this thoughtful answer. We are trying to move towards GDPR compliance even when it isn’t required; we agree with this statement completely: “We actually think the GDPR principles are good regardless of whether you have to comply or not (limit personal data collection, anonymize when you can, don’t reuse personal data for a different reason than it was collected for initially, etc).”
This will take time. Thank you for confirming Bluesquare’s offering. Congratulations again,

Sara and the LogicalOutcomes team