IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

How People HR is using the cloud to prepare for GDPR

With months to go until the new data protection laws come into force, organisations are looking for innovative ways to ensure compliance

Companies in the UK are bracing themselves for a new challenge this year: GDPR.

GDPR, or the European Union General Data Protection Regulation to give it its full name, has raised many questions for companies, with one of the most complex being how they manage all the personal data they hold on individuals who will be protected by the new rules.

People HR, a Lincolnshire company selling web-based HR software, is one such organisation. The business has just over 60 employees and 4,500 customers, with 120 new ones coming onboard each month.

Sat Sindhar, managing director at the company, tells IT Pro the company has been looking at ways to secure all its sensitive data and began working on ISO 27001 at the beginning of 2016. Although this isn't a guarantee a company is GDPR compliant, Sindhar explains, it gives customers reassurance as to a provider's credibility.

Going through this process, however, the company realised it would need an "army of people" in order to manually sort through log files, and so six months ago it began looking around for a company to help provide a managed service that would solve the problem.

Protect data, protect customers

Sindhar says that in the HR world, data protection has always been absolutely critical.

"We've never been in a position where we've been providing products that didn't really need to comply with the data protection act in this country and in Europe," says Sindhar. "Similarly customer concerns about data security has always been quite high up on the agenda, if not the single most important thing on the agenda."

He says in order for People HR to meet the new GDPR reporting requirements, the company needs to have particular technology and services from their providers.

"It's impossible to really meet the GDPR reporting requirements if you're a company like us with thousands of customers, on a manual basis," he explains.

If a problem arose, then People HR would need to carry out a forensic level analysis of their infrastructure to find out who accessed their data. This would need to happen in order to feed back to their customer and to comply with GDPR laws, says Sindhar.

After looking at a number of offerings, the company ultimately plumped for Rackspace Managed Security.

"Rackspace was interesting for us because not only were they able to provide the technology products, the components we needed to provide GDPR compliance, but they were able to supply the people there as a team who were then using these components," Sindhar explains.

"That was the most important thing to us, to have the people we could turn to in times of need, to have the people there who were actually looking at what we were doing in a proactive fashion, identifying potential issues and problems before they even arose and dealing with them."

Racking up customers

Daniel O'Neill, senior manager of cyber security at Rackspace, says most companies are becoming more aware of GDPR: "GDPR has big momentum amongst many businesses, certainly since the [beginning of 2017]. I would say most business leaders I speak to now the conversation will involve, or revolve around, GDPR. It's on the minds of most business leaders now as they look to prepare themselves ahead of the 25 May 2018."

He wasn't surprised by People HR's proactive approach, but says it was nevertheless "encouraging that a business acknowledges that security and cyber security is crucial to not just protecting the business but enabling the business in the current threat environment".

"I think it's important that businesses have started preparations now. We've known about GDPR for some time," said O'Neill. "A pragmatic approach for many businesses is to look at what they do now. We have data protection regulations in place, we have compliance frameworks. If businesses can identify the processes they do already and map those across the GDPR, they can then focus on the real gaps that they need to address to make themselves compliant."

Sindhar echoes this as many of his European customers are "particularly vocal on the question of GDPR", he says. Those customers need to know People HR have the correct technical and organisational measures in place before signing up.

"This is the singularly most important thing right now when it comes to security conversation for European customers, absolutely," he added.

In terms of why People HR have been so proactive, Sindhar claims it's because the company needs to think of its customers.

"If you centre our universe where our customers are and you think about the HR professionals out there then it's essential that we give them a secure, reliable, safe system that meets all the legislative and regulatory requirements. When you think about it like that it becomes quite easy to understand why we needed to be proactive," said Sindhar.

Sindhar has four pieces of advice for other companies looking to become GDPR compliant: "Don't bury your head in the sand, separate fact from fiction, work with partners that help you and don't do things just for GDPR but use GDPR to make yourself better."

Main image credit: Shutterstock

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download


Cloud security market to hit $106 billion by 2029
cloud computing

Cloud security market to hit $106 billion by 2029

11 Apr 2022
Alkira offers Check Point CloudGuard Security to secure virtual cloud networks

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks

29 Sep 2021
Iboss protects web sessions with remote browser isolation

Iboss protects web sessions with remote browser isolation

16 Aug 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training

Attracting and retaining talent through training

13 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022