How People HR is using the cloud to prepare for GDPR

With months to go until the new data protection laws come into force, organisations are looking for innovative ways to ensure compliance

EU cloud GDPR

Companies in the UK are bracing themselves for a new challenge this year: GDPR.

GDPR, or the European Union General Data Protection Regulation to give it its full name, has raised many questions for companies, with one of the most complex being how they manage all the personal data they hold on individuals who will be protected by the new rules.

People HR, a Lincolnshire company selling web-based HR software, is one such organisation. The business has just over 60 employees and 4,500 customers, with 120 new ones coming onboard each month.

Sat Sindhar, managing director at the company, tells IT Pro the company has been looking at ways to secure all its sensitive data and began working on ISO 27001 at the beginning of 2016. Although this isn't a guarantee a company is GDPR compliant, Sindhar explains, it gives customers reassurance as to a provider's credibility.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Going through this process, however, the company realised it would need an "army of people" in order to manually sort through log files, and so six months ago it began looking around for a company to help provide a managed service that would solve the problem.

Protect data, protect customers

Sindhar says that in the HR world, data protection has always been absolutely critical.

"We've never been in a position where we've been providing products that didn't really need to comply with the data protection act in this country and in Europe," says Sindhar. "Similarly customer concerns about data security has always been quite high up on the agenda, if not the single most important thing on the agenda."

He says in order for People HR to meet the new GDPR reporting requirements, the company needs to have particular technology and services from their providers.

"It's impossible to really meet the GDPR reporting requirements if you're a company like us with thousands of customers, on a manual basis," he explains.

If a problem arose, then People HR would need to carry out a forensic level analysis of their infrastructure to find out who accessed their data. This would need to happen in order to feed back to their customer and to comply with GDPR laws, says Sindhar.

Advertisement - Article continues below

After looking at a number of offerings, the company ultimately plumped for Rackspace Managed Security.

"Rackspace was interesting for us because not only were they able to provide the technology products, the components we needed to provide GDPR compliance, but they were able to supply the people there as a team who were then using these components," Sindhar explains.

"That was the most important thing to us, to have the people we could turn to in times of need, to have the people there who were actually looking at what we were doing in a proactive fashion, identifying potential issues and problems before they even arose and dealing with them."

Racking up customers

Daniel O'Neill, senior manager of cyber security at Rackspace, says most companies are becoming more aware of GDPR: "GDPR has big momentum amongst many businesses, certainly since the [beginning of 2017]. I would say most business leaders I speak to now the conversation will involve, or revolve around, GDPR. It's on the minds of most business leaders now as they look to prepare themselves ahead of the 25 May 2018."

Advertisement
Advertisement - Article continues below

He wasn't surprised by People HR's proactive approach, but says it was nevertheless "encouraging that a business acknowledges that security and cyber security is crucial to not just protecting the business but enabling the business in the current threat environment".

"I think it's important that businesses have started preparations now. We've known about GDPR for some time," said O'Neill. "A pragmatic approach for many businesses is to look at what they do now. We have data protection regulations in place, we have compliance frameworks. If businesses can identify the processes they do already and map those across the GDPR, they can then focus on the real gaps that they need to address to make themselves compliant."

Advertisement - Article continues below

Sindhar echoes this as many of his European customers are "particularly vocal on the question of GDPR", he says. Those customers need to know People HR have the correct technical and organisational measures in place before signing up.

"This is the singularly most important thing right now when it comes to security conversation for European customers, absolutely," he added.

In terms of why People HR have been so proactive, Sindhar claims it's because the company needs to think of its customers.

"If you centre our universe where our customers are and you think about the HR professionals out there then it's essential that we give them a secure, reliable, safe system that meets all the legislative and regulatory requirements. When you think about it like that it becomes quite easy to understand why we needed to be proactive," said Sindhar.

Sindhar has four pieces of advice for other companies looking to become GDPR compliant: "Don't bury your head in the sand, separate fact from fiction, work with partners that help you and don't do things just for GDPR but use GDPR to make yourself better."

Main image credit: Shutterstock

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/mobile/5g/354286/why-5g-could-be-a-cyber-security-nightmare
5G

Why 5G could be a cyber security nightmare

6 Dec 2019