IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

How People HR is using the cloud to prepare for GDPR

With months to go until the new data protection laws come into force, organisations are looking for innovative ways to ensure compliance

Companies in the UK are bracing themselves for a new challenge this year: GDPR.

GDPR, or the European Union General Data Protection Regulation to give it its full name, has raised many questions for companies, with one of the most complex being how they manage all the personal data they hold on individuals who will be protected by the new rules.

People HR, a Lincolnshire company selling web-based HR software, is one such organisation. The business has just over 60 employees and 4,500 customers, with 120 new ones coming onboard each month.

Sat Sindhar, managing director at the company, tells IT Pro the company has been looking at ways to secure all its sensitive data and began working on ISO 27001 at the beginning of 2016. Although this isn't a guarantee a company is GDPR compliant, Sindhar explains, it gives customers reassurance as to a provider's credibility.

Going through this process, however, the company realised it would need an "army of people" in order to manually sort through log files, and so six months ago it began looking around for a company to help provide a managed service that would solve the problem.

Protect data, protect customers

Sindhar says that in the HR world, data protection has always been absolutely critical.

"We've never been in a position where we've been providing products that didn't really need to comply with the data protection act in this country and in Europe," says Sindhar. "Similarly customer concerns about data security has always been quite high up on the agenda, if not the single most important thing on the agenda."

He says in order for People HR to meet the new GDPR reporting requirements, the company needs to have particular technology and services from their providers.

"It's impossible to really meet the GDPR reporting requirements if you're a company like us with thousands of customers, on a manual basis," he explains.

If a problem arose, then People HR would need to carry out a forensic level analysis of their infrastructure to find out who accessed their data. This would need to happen in order to feed back to their customer and to comply with GDPR laws, says Sindhar.

After looking at a number of offerings, the company ultimately plumped for Rackspace Managed Security.

"Rackspace was interesting for us because not only were they able to provide the technology products, the components we needed to provide GDPR compliance, but they were able to supply the people there as a team who were then using these components," Sindhar explains.

"That was the most important thing to us, to have the people we could turn to in times of need, to have the people there who were actually looking at what we were doing in a proactive fashion, identifying potential issues and problems before they even arose and dealing with them."

Racking up customers

Daniel O'Neill, senior manager of cyber security at Rackspace, says most companies are becoming more aware of GDPR: "GDPR has big momentum amongst many businesses, certainly since the [beginning of 2017]. I would say most business leaders I speak to now the conversation will involve, or revolve around, GDPR. It's on the minds of most business leaders now as they look to prepare themselves ahead of the 25 May 2018."

He wasn't surprised by People HR's proactive approach, but says it was nevertheless "encouraging that a business acknowledges that security and cyber security is crucial to not just protecting the business but enabling the business in the current threat environment".

"I think it's important that businesses have started preparations now. We've known about GDPR for some time," said O'Neill. "A pragmatic approach for many businesses is to look at what they do now. We have data protection regulations in place, we have compliance frameworks. If businesses can identify the processes they do already and map those across the GDPR, they can then focus on the real gaps that they need to address to make themselves compliant."

Sindhar echoes this as many of his European customers are "particularly vocal on the question of GDPR", he says. Those customers need to know People HR have the correct technical and organisational measures in place before signing up.

"This is the singularly most important thing right now when it comes to security conversation for European customers, absolutely," he added.

In terms of why People HR have been so proactive, Sindhar claims it's because the company needs to think of its customers.

"If you centre our universe where our customers are and you think about the HR professionals out there then it's essential that we give them a secure, reliable, safe system that meets all the legislative and regulatory requirements. When you think about it like that it becomes quite easy to understand why we needed to be proactive," said Sindhar.

Sindhar has four pieces of advice for other companies looking to become GDPR compliant: "Don't bury your head in the sand, separate fact from fiction, work with partners that help you and don't do things just for GDPR but use GDPR to make yourself better."

Main image credit: Shutterstock

Featured Resources

Accelerating healthcare transformation through patient-centred medtech solutions

Seize the digital transformation opportunities to streamline patient care and optimise patient outcomes

Free Download

Big payoffs from big bets in AI-powered automation

Automation disruptors realise 1.5 x higher revenue growth

Free Download

Hyperscaler cloud service providers top ten

Why it's important for companies to consider hyperscaler cloud service providers, and why they matter

Free Download

Strategic app modernisation drives digital transformation

Address business needs both now and in the future

Free Download

Recommended

Cloud security market to hit $106 billion by 2029
cloud computing

Cloud security market to hit $106 billion by 2029

11 Apr 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Larger monitors aren't all they're cracked up to be
monitors

Larger monitors aren't all they're cracked up to be

3 Dec 2022
Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine
cyber warfare

Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine

5 Dec 2022