Coordinating Two Parallel SaaS Platforms for a UK University Under GDPR Constraints
Client: UK Higher Education Client — PEN Group · Industry: Higher Education / EdTech · Role: Technical Project Lead · Duration: Ongoing (9 months to date)
The Challenge
Two workstreams — the legacy PHP student-records system (SIMS) and a new companion React/Node student portal — had to ship on independent but interlocking timelines for the same institution, coordinated across a 9-person team split across Backend, Frontend, SQA, and IT Support, under strict GDPR data-residency and retention rules for UK student records. Status reporting had been ad hoc and the two workstreams had drifted out of sync, risking a missed enrollment-cycle deadline.
The Solution
Introduced a shared fortnightly milestone board visible to both workstreams and the client, with cross-workstream dependencies explicitly flagged (e.g. a SIMS API contract change blocking the student portal's account-linking feature). Ran a GDPR data-mapping exercise with IT to classify every student data field by retention period and access tier, then implemented field-level access control and audit logging in SIMS before the portal's account-linking feature shipped. Replaced three ad hoc update channels with a single weekly client stakeholder call and a one-page RAG status summary.
Results & Impact
- Realigned both workstreams to a shared institutional go-live date after initial drift
- Passed the client's internal data-protection review on GDPR data handling with zero findings
- Reduced status-update overhead by consolidating three channels into one weekly RAG report
- Zero missed enrollment-cycle deadlines since realignment
- Established a dependency-tracking process now reused across both workstreams