Needius Case Study

Needius relies on to secure its Blu(e) platform and users' data








Needius is an Italian company, founded in 2013, that develops services for children with communication difficulties. In 2015 Needius started developing Blu(e), a platform which offers a remote management system for physicians, a mobile application for patients, and a monitoring system and dashboards used by physicians and caregivers (family) to exchange information.

The Blu(e) suite relies on a backend which processes gameplay data in order to provide caregivers and family with the information, dashboards and statistics describing the progress of children's diseases.

The Blu(e) backend stores patient information and manages user access to data and the interaction between physicians and children's families.

Because data related to children with specific diseases is highly sensitive, data protection requirements were fundamental to ensuring proper service design. Storage of patient information, user management, and the interaction between physicians and families are some of the key challenges that the team faced in order to:

  • document and demonstrate compliance with data protection laws. The result of this activity includes a privacy policy, terms and conditions of the Blu(e) service and technical safeguards of the platform,

  • notify the Data Protection Authority of the data processing activity, describing the service, its purpose and its safeguards,

  • reduce the risks for the company and mitigate the legal responsibility of its CEO,

  • demonstrate trust to end-users (family), physicians and caregivers.


To achieve compliance with EU and Italian data protection laws, Needius relied on service. Although the Blu(e) backend and algorithms were already developed, the Needius team integrated service to store sensitive data such as patient identifiable information and the information related to physicians and family interactions like reports and other sensitive information.

In addition, to ensure proper access to data, audit logs and management of stored information, the Needius team used the API for user management. The API calls are implemented via the Blu(e) backend, which forwards the authentication and other API calls to API. In this way the Needius team did not modify its own API or the interaction with mobile and web applications.

The resulting backend configuration and data flow easily achieved a sufficient level of separation between personally identifiable data and sensitive data, thereby implementing a pseudonymization approach and reducing the overall risks. The final configuration has been approved by lawyers, giving Needius the possibility to deliver its service in Italy and the whole EU.

“By integrating the API in our apps we solved all compliance and security issues easily.
As a result we were able to deliver our service to the whole Italian and EU market.”

Giorgio Casoni - Board Member of Needius


  • Ensuring compliance with data protection laws is necessary to fulfill legal obligations and important for earning the trust of end-users.

  • Compliance is a complex problem, but there exist services like that help make it easy.

  • The best way to approach the problem (at least in existing applications) is pseudonymization, which allows developers to reduce risks and development effort while still ensuring compliance with data protection laws and a good level of security.

  • service makes it extremely easy to implement pseudonymization and achieve compliance.
