
BPR4GDPR Project Presentation



  1. BPR4GDPR Project Presentation

  2. Project ID
     • Project acronym: BPR4GDPR
     • Project title: Business Process Re-engineering and functional toolkit for GDPR compliance
     • Contract number: 787149
     • Funded under the H2020 call DS-08-2017
     • Innovation Action (IA)
     • Duration: 01/05/2018 – 30/04/2021 (36 months)
     • Total cost: 3.792.149 €
     • Requested EU contribution: 2.974.012 €

  3. Motivation
     • The GDPR comprises a milestone in the area of data protection
       • It fills the “regulatory gap” of the last years, and
       • it creates an environment able to cope with the technological and business reality
     • However…
       • Organisations declare difficulties in implementing the GDPR provisions
       • This applies particularly to SMEs
       • Challenges include: GDPR requirements interpretation, operational adaptation, customer relationship management, management of third parties, enforcement of security mechanisms, accountability, lack of resources…
     • High market demand for compliance facilitation!

  4. BPR4GDPR Vision
     A new GDPR compliance paradigm!
     • Tools and methodologies for facilitating the implementation of the appropriate technical and organisational measures
     • Particularly tailored to SMEs with limited resources
     The BPR4GDPR approach consists of:
     • Automatic re-engineering of workflows so that they become compliant by design
     • A “compliance toolkit” with common functions for run-time enforcement
     • Policy-based framework governance conceived on the basis of the GDPR
     • Mechanisms for offering Compliance-as-a-Service

  5. Goal Statements
     1. Reference compliance framework
     2. Sophisticated security and privacy policies
     3. By-design privacy-aware process models
     4. Compliance-driven process re-engineering
     5. Compliance toolkit
     6. Compliance-as-a-Service (CaaS)
     7. Comprehensive trials
     8. Impact creation

  6. Expected Results
     • Regulation-driven policy framework
     • Compliance-driven process re-engineering
     • Compliance toolkit
       • Privacy-enhancing technologies
       • Data management tools
       • User-centered tools
     • Process discovery and mining tool for enabling traceability and adaptability
     • Compliance-as-a-Service (CaaS)
       • Cloud deployment and integration, fostering compliance to be offered as-a-service
     • Out-of-the-box compliance for SMEs, added value for service providers
     • An innovative holistic approach resulting in sustainable business models

  7. Use Cases
     • Use Case 1: Own data and infrastructure
       • Use case domain: eGovernment services in the healthcare and social security sectors
       • Very sensitive data and operations
       • Own infrastructure, internally operated systems
       • Data exchange with other organisations
       • Partner: E Government Center for Social Security Services S.A. (IDIKA)
     • Use Case 2: Compliance-as-a-Service for cross-organisational applications
       • Use case domain: Automotive management
       • Multiple and heterogeneous stakeholders, cooperating in a B2B ecosystem
       • Cloud-based systems
       • Partner: CAS Software AG (CAS)
     • Use Case 3: Cloud-supported very small organisations
       • Use case domain: Real estate
       • Very small organisations
       • All systems typically outsourced
       • Partner: Innovazioni Tecnologiche (INNO)

  8. Concept and Approach
     [Figure: the business process lifecycle (process identification, process discovery, process analysis, process design, process redesign / (re)engineering, process implementation, process execution, process monitoring and controlling) mapped onto GDPR compliance activities: identification of risks, assessment of risks, modelling of compliance requirements, enforcement of compliance requirements, execution of internal control, operational adaptation, and storage, mining and traceability.]

  9. Concept and Approach: process identification, discovery and design
     [Figure: the lifecycle diagram with process discovery mechanisms and process modelling tools producing the organisation's process models.]
     • Goal: Formalisation of procedures and information flows within an organisation
     • How: Process discovery mechanisms, or graphical process modelling tools
     • Outcome: Process models for further analysis

  10. Concept and Approach: process analysis and redesign
     [Figure: the lifecycle diagram with the GDPR feeding a compliance ontology and policy framework (compliance metamodel, rule-based access & usage control, reasoning & knowledge extraction); the process verification and adaptation tool turns the organisation's process models into compliant process models.]
     • Goal:
       • Assess compliance of existing organisation processes to the GDPR
       • Appropriately adapt non-compliant processes
     • How: Compliance metamodel, subject to verification and adaptation against the policy framework
     • Outcome: Specifications of compliant workflow models, enhanced with sophisticated privacy constraints enforceable at run time

  11. Concept and Approach: process implementation and execution
     [Figure: the lifecycle diagram with the compliance toolkit supporting the execution of the compliant process models.]
     • Goal: Compliant process enactment and execution
     • How: Compliance toolkit (privacy-enhancing tools, data management tools, user-centered tools)
     • Outcome:
       • Guidelines for process and resources adaptation into existing technological contexts
       • Compliant process execution environments

  12. Concept and Approach: process monitoring and controlling
     [Figure: the lifecycle diagram with process monitoring feeding back into the compliant process models and the compliance toolkit.]
     • Goal: Monitoring of process execution regarding compliance
     • How: Process mining focused on compliance awareness
     • Outcome:
       • Continuous monitoring and control of processes
       • Indication of compliance deviations, for adaptation and alignment thereof
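As an added illustration of the verification step (slide 10) and the monitoring step (slide 12), here is a toy policy check over a process model followed by a run-time deviation check over an execution trace. This is example code, not code from the BPR4GDPR project; the functions `verify` and `monitor`, the `Step` type, the `POLICY` rules, and the healthcare-style process and trace are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Step:                   # one activity of a process model
    name: str
    data: set                 # personal-data categories the step accesses
    purpose: str              # declared processing purpose
    role: str                 # role that executes the step
    legal_basis: str = ""     # required when special-category data is used

# Constructed policy framework: purpose limitation (which data a purpose may use),
# rule-based usage control (which purposes a role may act for), special categories.
POLICY = {
    "allowed_data": {"prescription": {"patient_id", "diagnosis"},
                     "billing": {"patient_id", "amount"}},
    "allowed_roles": {"doctor": {"prescription"}, "accountant": {"billing"}},
    "sensitive": {"diagnosis"},
}

def verify(process, policy=POLICY):
    """Design-time check: (step, violation) pairs for a process model."""
    findings = []
    for s in process:
        extra = s.data - policy["allowed_data"].get(s.purpose, set())
        if extra:
            findings.append((s.name, f"data {sorted(extra)} exceed purpose '{s.purpose}'"))
        if s.purpose not in policy["allowed_roles"].get(s.role, set()):
            findings.append((s.name, f"role '{s.role}' may not act for '{s.purpose}'"))
        if s.data & policy["sensitive"] and not s.legal_basis:
            findings.append((s.name, "special-category data without legal basis"))
    return findings

def monitor(trace, process):
    """Run-time check: events (step, role, data) that deviate from the model."""
    model = {s.name: s for s in process}
    deviations = []
    for name, role, data in trace:
        s = model.get(name)
        if s is None or role != s.role or not set(data) <= s.data:
            deviations.append((name, "not in model" if s is None else "role/data deviate"))
    return deviations

# Constructed healthcare-style process (hypothetical, in the spirit of use case 1)
PROCESS = [
    Step("issue_prescription", {"patient_id", "diagnosis"}, "prescription", "doctor", "Art. 9(2)(h)"),
    Step("settle_invoice", {"patient_id", "amount", "diagnosis"}, "billing", "accountant"),
]
TRACE = [("issue_prescription", "doctor", ["patient_id", "diagnosis"]),
         ("settle_invoice", "accountant", ["patient_id", "amount"]),
         ("export_records", "accountant", ["diagnosis"])]
```

`verify(PROCESS)` flags the billing step twice (diagnosis data beyond the billing purpose, and no legal basis for it), which is the kind of finding the adaptation tool would act on; `monitor(TRACE, PROCESS)` flags the `export_records` event as absent from the compliant model.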

  13. Work Structure
     • WP 1: Project management
     • WP 2: Use cases, requirements and architecture
     • WP 3: Policy framework
     • WP 4: Privacy-aware process re-engineering
     • WP 5: Compliance toolkit
     • WP 6: Assessment, trials and validation
     • WP 7: Impact creation

  14. Implementation Roadmap
     [Figure: the concept diagram of slides 9–12 annotated with the task that delivers each component.]
     • Task 2.2: Regulatory analysis (GDPR)
     • Task 3.1: Compliance ontology
     • Task 3.2: Rule-based access & usage control
     • Task 3.3: Reasoning and knowledge extraction
     • Task 4.1: Compliance metamodel (policy framework)
     • Task 4.2: Process verification and adaptation tool
     • Task 4.3: Process discovery and continuous adaptation mechanisms
     • WP 5: Compliance toolkit
       • Task 5.1: Privacy-enhancing tools
       • Task 5.2: Data management tools
       • Task 5.3: User-centered tools

  15. Work timing and Milestones
     [Timeline figure from M0 to M36 with milestone markers at M6, M10, M12, M18, M20, M25, M30 and M36.]
     • Regulatory analysis: Workflow metamodel; Policy model ontology
     • Architecture and compliance ontology definition: Use cases and requirements (1st version); First version of the compliance ontology; First version of BPR4GDPR architecture
     • Refined architecture definition: Final version of the compliance ontology; Final version of BPR4GDPR architecture
     • First prototypes of BPR4GDPR technology: Policy framework; Process re-engineering mechanisms; Compliance toolkit
     • Data protection impact analysis: Report on the data protection impact analysis of the project use cases
     • Preliminary BPR4GDPR trials complete: BPR4GDPR solutions successfully deployed at the use cases’ infrastructure; Preliminary trials execution
     • Final prototypes of BPR4GDPR technology: Policy framework; Process re-engineering mechanisms; Compliance toolkit
     • Trial demonstration of the achievements: Final BPR4GDPR solutions successfully deployed; Final trials execution

  16. Impact Creation
     • Expected impacts
       • Support for fundamental rights in digital society
       • Increased trust and confidence in the Digital Single Market
       • Increase in the use of privacy-by-design principles in ICT systems and services
       • Impact on the market and European competitiveness
       • Scientific and technical impact
     • Measures to achieve impact
       • BPR4GDPR User Community
       • Dissemination
       • Liaison and standardisation
       • Exploitation
