Haufe Group produces on-premise and SaaS accounting, payroll, and merchandizing solutions for small businesses and entrepreneurs. It targets German-speaking market, and serves 800,000 customers with its nearly 2,000 employees.
Most discussions regarding regulations, especially the EU’s General Data Protection Regulation (GDPR), focus on specific business and legal obligations, but they often ignore the impact that regulations place on the software development lifecycle. A critical step in the process is ensuring that requirements are clear and concise. Haufe Group needs to blend the definition of business needs with iterative agile delivery, and help its customers accelerate the GDPR implementation.
With six key software development sites, and over 500 DevOps engineers working on product development, GDPR compliance was a huge issue for Haufe Group, as Andreas Reusch, Test Architect, Products & Applications, Haufe Group, explains further: “We leveraged our consulting services to translate the official GDPR regulations into product requirements. We then used this to start the discussions with our individual software product owners to do a gap analysis and determine by product what requirements had to be implemented to achieve GDPR compliance. We needed an automated solution to help us capture these requirements and guide them through the software testing process.”
ALM Octane, the Micro Focus software lifecycle management platform for high-quality application delivery, is designed to suit Haufe Group’s agile, DevOps environment. It provides a robust governance framework, providing traceability and rich reporting. ALM Octane’s GDPR content pack helps customers make sense of all 1,064 GDPR requirements. It is prepopulated in all 24 EU languages and enables customers to professionally manage their GDPR projects, from requirements definition to implementation.
Key GDRP requirements such as ‘limitation of purpose, data, and storage’ and ‘consent’ have sets of attributes. There is typically discussion around the implementation of these. ALM Octane captures all the communication around this for Haufe Group. Reusch comments: “Through online collaboration between the stakeholders, we achieve a common understanding. Within ALM Octane we can then easily create a ‘user story’ which outlines our implementation of the relevant GDPR requirement. The user story is linked to the requirement and will always be available for audit purposes, so that we can go back and review exactly how we implemented GDPR within our software products. This is of huge value to us, as there is no other way to create this central repository and transparency across the board.” Within ALM Octane it is easy to search for GDPR requirements and their status. These can be filtered by product, phase, release version etc. ALM Octane also contains a ‘My work’ section with all the tasks associated with a requirement clearly outlined, so that it’s easy to know what needs to happen next. Sophisticated notification options mean that colleagues on a project team can opt in and out of various notifications so that only changes which are relevant to them will be communicated to them, either within their Octane ‘My Work’ section, or via email.
While all development methodologies are adapted to comply with GDPR requirements, application testing is more important than ever.
Reusch comments: “The Micro Focus automated testing framework has given us transparency and full traceability; vital for audit purposes. With so many people involved in software development, it is key that changes are clearly visible to everyone. The test status is always clear and up-to-date and we can see what elements of the software lifecycle still need to be validated before moving to the next phase. For us, GDPR compliance is all about communication. We needed to break down any silos in our organization and work together to solve huge challenges.”
He concludes: “Micro Focus provided a solution set that helped us achieve our GDPR goals and meet our customer’s needs. We were able to create an innovative methodology to work through the application testing requirements and achieve GDPR compliance.”
