Cloud, Compliance and the Case for HR Transformation to Support Your HCM Strategy

Executive Summary

HR leaders face the challenge of legacy approaches to the handling and processing of employee data. This can differ significantly between headquarters and subsidiaries, through a combination of different software application usage, third-party outsourcing providers and a distributed datacentre footprint. Similarly, the widespread adoption of cloud places even greater pressure on security regulations.

To address these challenges, and the need to become more strategic in the eyes of the business, CHROs are driving HR transformation projects and HR technology investments. A key ingredient in achieving the expected return on these initiatives is working with an HR technology vendor that can ensure that consistent data protection and compliance approaches are built into its services and software offerings as best practice.

HCM is undergoing a rapid transformation that is reshaping the management of the workforce. This is being driven by the evaluation of performance based on projects, collaboration and results, the overall engagement with employees, and how they can plan their paths and futures. The HR department, which has historically been a keeper of employee records, an administrator of training and a processor of HR transactions, is now evolving into a strategic partner for the growth of the organisation.

A key part of this HCM transformation involves proprietary solutions and manual processes rapidly giving way to packaged solutions and public cloud services. Adopting cloud solutions is likely to deliver increased functional user scope for customers, as well as delivering the efficiencies and flexibilities of cloud architectures.

But security concerns persist. Trusting sensitive information to a third party is a major step in any event, but putting employee data into the cloud, to an unknown location protected by vague assurances of security, is insufficient for most HR executives. How can employer organisations be certain that their employees' data is safe?

The game is about to get much more serious, in terms of both obligations and consequences. The General Data Protection Regulation (GDPR) will apply from May 25, 2018, and it increases the requirements on security and other personal data processing activities that seem to compound the risk. Importantly, GDPR is a regulation, not a directive, which means that it applies equally to all 28 member states with no need for transposition into national law.

In light of GDPR, companies are finding it difficult to understand and respond to regulatory changes as they take place. Non-compliance costs and risks can be significant.

Cloud — if done properly — can mitigate risks of non-compliance with GDPR and local employment laws. IDC believes that many companies will choose to outsource HR data processing in order to reduce their risk and compliance obligations. But an HRO provider must have a strong action plan, data flow maps, data retention plans, robust security platforms and data transfer programmes, all under the auspices of a data protection office (DPO).

This paper explains the impact of GDPR and shows how cloud can enable, rather than inhibit, compliance while enhancing your digital HCM strategy.

Tags: Midsized Business Large Business Multinational Business Risk and Compliance Integration Business Owner ADP DataCloud