“Today I made a decision. I am going to the bank, take out my money and keep it at home. I am thinking of putting all of it into a safe box hidden between books, or maybe divide it into smaller lots and hide it in different rooms. But maybe the best solution is to hide it under the mattress, in the good old fashioned way. I just don’t trust anymore. I am not sure that my money is safe in the bank. Who has it? Where is it kept? Who has access to it? The more I think about it, the more overwhelmed I feel! Right now I am going to take everything out of the bank.”
Maybe a few years ago there were still people who thought like that about depositing their money in a bank, using plastic money, or electronic banking now widespread. It’s the fear of the unknown, of what we don’t see and cannot control. But really it is possible for our money to be safer at home than in a bank? I guess not. For good reason, by law banks are equipped according to regulated security measures (embedded concrete safe boxes, electronic detectors, connection to the alert switchboard, etc…) which most homes don’t cover.
Similarly electronic money management is legally regulated; such that anyone can be assured that their transactions with plastic money or e-banking movements are perfectly safe, even if done virtually. What’s more, e-commerce and internet shopping have increasingly become something common, overcoming early fears. Money is in the cloud, our money is in the cloud and this had brought us undeniable advantages (easy access to our information, immediacy in activities, internet transactions, saving time, etc…); something that’s become so totally standard today.
And if we're used to something so important to us in the cloud, then why are some still afraid to take business management systems to the cloud?
Just as it happened with virtual money, little by little companies are corroborating the benefits of the cloud. But nonetheless, it is true that by setting up this for people, we are inevitably entering your personal data and obviously these require special handling, my reason for this article—like very stringent security measures that must also satisfy geographical peculiarities. But precisely because of this, having a good HR management system that can cover all peculiarities may be very favorable for our management.
And how can we know if an HR technology system is safe? How do we know if it meets all the requirements for safeguarding information on my employees, while ensuring legal compliance with each specific region? To find out, it is imperative that before making a decision to buy we ask ourselves the questions below:
Where is my data stored?
A Cloud or SaaS system requires no installation by the buyer, as the system is hosted on a provider’s server. But it is very important to know in which country this server is, as this will determine the security measures that apply to the data stored which vary by geographic regions. For example, if the server is in Spain, the customer can remain calm concerning his data security, because the legislation that applies in this country, and in many European countries, is most demanding with respect to data security issues. For instance, a Swiss company can be reassured that this server will meet the security standards required for its information.
These safety measures depend on the provider, who is required to ensure compliance with security standards as stipulated by the customer’s nationality. Therefore, when the provider's server is hosted in a country with less severe security measures, it must sign an agreement with the client guaranteeing extra security which isn't actually required by law where the server is hosted. But for obvious reasons, the latter is always less desirable/safe than the previous case.
And that’s without mentioning those cases where information migrates from server to server, from country to country, and you never know where the information is being kept. Here it is more difficult to ensure complete data security. As this is all about managing personal information, I wouldn't risk it.
What data am I saving?
In this case, we refer primarily to the nationalities of the employees whose information we are keeping. While the previous point depended on the provider, here the customer is responsible for making sure the legal requirements needed are met in each geographic area where employees are managed. For example, an American company that has data on French, English and Spanish employees must know what security standards it is obliged to meet in the respective countries concerning the security and confidentiality of their citizens’ information.
However, if the provider already knows of these needs, and has experience managing global human resources, he can directly meet the needs of the client in this regard, ensuring full compliance with the legislation in force in each country. Moreover, in this case the cloud model is particularly advantageous: each time there is a change in legislation concerning this, it will be updated in the system in real-time and globally across all branches of the company, which makes it difficult for there to be legal holes.
Does the system cover me?
Actually, this question is implied from the previous two. It logically follows to take a closer look at what data I am saving and where. Before choosing a solution, one must know the region or regions of the servers where your data will be kept, whether they will be permanent or change over time, and demand that legal requirements for the country are met at each location, while anticipating additional agreements to cover the shortcomings, if any. Or perhaps prefer providers who offer servers hosted in countries with stricter legislation. One must also know how experienced the provider is on global issues, that is to say, how many nationalities it has managed and is managing. In fact to be able to do this, there must have been months of prior contact with the country in question, pooling procedures and best practices that not every provider can claim. An example of this is data retention: how long can or must certain data be stored by geography is a kind of knowledge that not all providers can deliver.