STATE OF LUXEMBOURG: PROCESS FOUNDATION FOR GDPRMINISTÈRE DE LA FONCTION PUBLIQUE ET DE LA RÉFORME ADMINISTRATIVE

ADMINISTRATION DU PERSONNEL DE L’ETAT/BUSINESS PROCESS MANAGEMENT OFFICE

APRIL 5, 2018

LUDWIG BALMER, HEAD OF IT

• Organisation

• Prometa Framework overview

• GDPR: Our approach & Case study

• GDPR: Analysis & Toolbox (GlobApp)

• Conclusions

2

AGENDA

ORGANISATION

• Administration belonging to the Ministère de la fonction publique et de la réforme administrative (MFPRA)

• State agent (civil servant) career management from recruitment to retirement• Recruitment management

• Compentences development management (hard and soft skill management)

• Career management

• Salary computation (active and retired population)

• HR data analytics management

• Organisation/process consulting• BPM deployment within ministries and administrations

ADMINISTRATION DU PERSONNEL DE L’ETAT (APE)

5

BUSINESS PROCESS MANAGEMENT OFFICE (BPMO)

CENTRAL BPMO

6

• In charge to develop, maintain, manage and govern the Prometa Framework

• Platform, convention sets,

• In charge of the QA of customers works (administrations)

• Deliver projects to customers

BPMO central

AdministrationsMFPRA, ANS, ACD, AEV, TP, PJ, ADEM,

INAP…

Organisation du secteur public

Adm1

Prometa Unit

Prometa Unit

Prometa Unit

Adm2 Adm3

Business ProcessManagement Office local

• In charge to coach the ministries and administrations in their BPMO deployment

• Coaching for the deployment of local BPMOs

• Run the Prometa Service Desk 247-81234

• Deliver BPM/Prometa trainings (1 sess/month)

• …

Support, coaching, formation, projets

PROMETA FRAMEWORKOVERVIEW

PROMETA FRAMEWORK OVERVIEW

• Enterprise Business Architecture Management and Governance

• Governance/ BPM Project /EA

• Standard, methodologies

• Modelling/optimization

• Workflow/automation

• Monitoring

• Promet’Apps

• Interfaces

• User groups

• Practice Session

• Education (training)

• …

PROMETA FRAMEWORK

9

ARIS Architect & DesignerARIS

Connect

Enterprise Business Architecture Management Framework

Prometa

NextGen

PortalPrometa Actiflow

Promet’Apps

Ref’Apps / Glob’Apps

Prometa Spec

Run model-based forms and questionnaires

Run model-based home page environment

Run workflow thanks to ARIS BPMN 2.0

Write your spec. with ARIS and enrich your EA

Promat’Apps engine

Prometa => ARIS large plug-in

Prometa GDPRAddressing GDPR

PR

OM

ETA

• https://joinup.ec.europa.eu/community/nifo/case/prometa-organisational-interoperability-framework-eservice-design-luxemburg

PROMETA FRAMEWORK

10

CAPTURE AND CREATE ADDED VALUE

• Design, capture, inventory, structure, transform/export, execute, monitor, analyse (quering) …o Mid/long term perspectives (orga.,KM, Ch.Mgt, Risk Mgt…)

o Generate delivrables…

PROMETA FRAMEWORK PRINCIPLES

Prometa NextGenPortal …

Documentation, reporting

Apps engine

Workflow

Reporting, dashboarding, BI

…

PROMETA FRAMEWORK USE CASES COVERAGE

As-Is/To-Be, process doc. (ISO procedure/quality handbook), Orga. doc (RASCI), BSC (balanced score card), Risk inventory/Assessment*, ERP Bluprinting, IT system Requirement doc. generation (Prometa Spec.)

Structured doc. generation (tendres,..)Online decision makers (RuleGen)Online forms for data collection to ext. system (Jira, OTRS, Odoo, ), Risk assessment forms, Incident mgt., User Guide generation (eLearningGen), Scenario-based exam generation (certif. context)…

Enriched BPMN 2.0 (BPMNx 2.0) for workflow, activity governance

Dashboard Dev. (process/non-process indicators), gov. dashboardBusiness/Enterprise architecture decision makingBI approach; process performance mgt., reporting

Modelling

Modellingfor documentation

Promet’Appsmodelling

Execution

Monitoring

Modellingfor execution

Promet’Appsexecution

PROMET’APPS - CONCEPT

13

Model Deploy Run

14

PROMET’APPS

GDPROur approach & Case study

HISTORY AND APPROACH

• Different entry points for content and GDPR centric approachoOrganisation

oProcesses

o Information systems

oData

oProducts

o Legal entities

oRisks

• Each view can have multiple layers

• Different GDPR contents available to enrichApplications, Products, Data, Site, …o ie: Security, audit, data transfer, …

17

PROMETA GDPR CONVENTIONS

18

PROMETA GDPR CONVENTIONSAPPLICATIONS

REGULATIONSRISKS

PROCESSES

19

PROMETA GDPR CONVENTIONS

Key GDPR dimensions

DATA IMPORT

ARIS

21

CASE STUDY – XXX

CASE STUDY – XXX

GDPR view of processing

All objects contain all GDPR related necessary information to :• perform assessments• describe/provide the revelant information to the user/reader• be used to generate GDPR reports (via Aris .js)• Hyperlink to online legal base• …

GDPRAnalysis & Toolbox (GlobApp)

• Different possibilities of analysis are proposed to search information based on models:oAutomatic creation of matrix

oDetailed analysis based on specific search in the portalo Usage of a GlobApp

oNavigation o Via drill down for detailed viewPar les assignements pour avoir le détail d’un objet

o By where used list

• Possibility to analyze all applications and all processesoUsing a central repository, for an administration, provides integrated on applications

and processes

24

ANALYSIS

• Matrix activities/dataoAutomatically generated in ARIS

oProvide an aggregatd view on all data usage

• Grouping of data that are GDPR relevant

• Searching fields in ARIS and in the portal

25

ANALYSIS

• Standard queries are definedto find GDPR relevant items

• Recherches sur :o Applications

o Data

o Activities

o ...

• Filtering possibilities

• ID card creation for GDPRo Affichage de tous les éléments

pertinents sur un seul écrano Attributs

o Input / ouput

o …

26

ANALYSIS – PROMETA GLOB’APPFor staff that do not have access to GDPR

governance dashboard

HTML page generation based on model

27

ANALYSIS – PROMETA GLOB’APP

28

ANALYSIS – PROMETA GLOB’APP

29

GDPR FP.GOV DASHBOARD

30

GDPR FPGOV DASHBOARD

Accessing all dimensions

CONCLUSIONS

32

ECOSYSTEM IN SHORT

• (ARIS) Best approach to enrich existingmodelling contentoGDPR perspective beside existing models(process detail with all GDPR revelantdimensions)

• No additional tool requires (just the ARIS suite)

• Quick approach to provide results• Easy to interface with ARIS Analytics/otherBI platform to exploit the full value of the modeling (models, objects and relations/connections…)

TAKE AWAY

Get in touch with us – www.imendos.com

Peggy WelcheARIS expert - Engagement Partner

mobile : +352 691 377 156email : peggy.welche@imendos.com

Tanguy PetreARIS expert – Managing Partner

mobile : +32 496 25 17 44email : tanguy.petre@imendos.com