Close

What if you tried Digital Sovereignty for your HRIS?

Source: Pixabay

Are you looking for your HRIS (Human Resources Information System), or do you want to change your system? What if you tried a sovereign application?

No, you’re not dreaming, I’m proposing to be a little disruptive, yes you the company manager or you the CIO, what if you avoid imitating what your competitors and partners are doing?

In this article, I will try to give you some keys to choose your tool such as the questions to ask yourself, the advantages of choosing a sovereign solution. Yes, I suggest you to be bold, and this in complete safety!

 

HRIS issues and expectations ?

 

There are two possible scenarios, the first is that you do not yet have an HRIS and even less an HRIS in the cloud (SaaS), or you have already taken the step a few years ago, and the need for a possible change is felt…

You have already a tool

First, you need to validate the reasons why you want to change your tool. These reasons can be grouped into two distinct categories: functional and marketing. Let’s tackle the marketing reasons right away! Changing a tool just because a new vendor gave you a nice demo, with a nice interface, is not a valid reason, I won’t dwell on the variations on this theme.

Let’s now look at the functional aspect, the reasons for wanting to change HRIS can be of several types such as a bad user experience that makes its adoption uncertain, a prohibitive cost compared to the features and legislative maintenance required, features that were not available at the time of your choice, moving from an on-premises model to a SaaS model, etc.…

 

You do not have a dedicated tool

This situation is probably currently more common among small and medium-sized companies, or even very small businesses… The issues are which solutions provide the maximum number of functionalities for the best quality/price ratio. You must therefore determine which HR processes you absolutely want to digitize to facilitate your HR management and avoid any problems related to a less formalized follow-up. It is likely that the management of vacations is a good example, as well as the management of expense reports for those who are confronted with it, then when you work in a sector where you re-invoice the activity, the possibility of tracing the activity of your employees by customers…

 

These are the issues that you may have to deal with in one case or another. But there is one point that seems important to me, and that is to know if the solution you choose is protective of your employees’ data. Depending on the choice you make, which jurisdiction will you depend on, American or French? Does your supplier know European legislation well enough, and more particularly French legislation?

The personal data of your employees is precious, and the invalidation of the #PrivacyShield (effisyn SDS), which calls into question the transfer of data to the US, is an often underestimated point

Faced with this problem, a French or European solution seems ideal. But as we shall see, this is indeed the case but with certain reservations …

 

French or European HRIS, which criteria?

 

I will not go back over the functional criteria and your operating mode, which are your own and therefore specific to you. My bias on the criteria I propose corresponds to two axes: first of all, a desire to select a French solution, and also to reduce the legal risk to which you may be exposed with solutions, particularly American ones, on the protection of your employees’ data.

A solution developed in France by a French company already has the advantage of being under French jurisdiction in case of disputes with your supplier. Legal conflicts are never pleasant, but if you add the complexity of the American legislation, it is a parameter that is not necessarily major, but which is of certain interest.

But that alone is not enough. You need to understand which hosting solution these solutions you are interested in offer you. Indeed, we cannot talk about sovereignty if the hosting of your data is located, in particular, at one of the major players of the American Cloud such as #Google, #AWS (Amazon) or even #Azure (Microsoft), I won’t even mention the Chinese cloud, as this idea could seem inane given the political regime…

Why, I insist on this subject, is that if you host on the American Cloud, you become dependent on the American laws that are the Patriot Act and the Cloud Act.

The complexity is increasing for international companies with employees located on both sides of the Atlantic, but this could extend to the United Kingdom, which in the context of the #Brexit challenges the overly restrictive framework of the RGPD … Indeed, with the invalidation of the Privacy Shield which prohibits de facto transfers of (personal) data between the US and Europe, and which also question the legal soundness of the standard contractual clauses, lead companies into a gray area full of legal uncertainties. One of the issues that needs to be addressed is how a manager located in the US can access the personal data of one of his employees located in France… As long as there are no conflicts, no problems, but…

Some actors will tell you that the data is encrypted and therefore none of the cloud providers can access the data… The problem is not there, the problem comes from the fact that the American state can decide to collect data that it knows is present on these servers, and the provider will be obliged to provide it and will be in the legal impossibility of informing you… These cases exist and are used by the American government in the economic war that is being waged. And don’t be mistaken, French companies, big or small, are interesting targets, especially if they have technologies not mastered by the Americans or giving too much strategic autonomy to the targeted country (like the Alsthom case) …

Two examples of beautiful French and sovereign solutions

 

I do not claim to have an exhaustive knowledge of French and sovereign HRIS solutions, but out of the few I had the opportunity to study, two caught my attention.

The first one is Eurécia, even if some could reproach it with a design far from the classic digital solutions, it has all the relevant functionalities for an HRIS and addresses the desires of both very small and large structures. It offers all the features on its platform and also on its mobile application. It has a simple and easy to manage pricing model and has a responsive sales team. And its hosting and back-up are on the sovereign cloud. The initial configuration is on an autonomous mode, which requires a good understanding of digital tools, as well as minimal HR skills. This drastically reduces set-up costs and above all allows for almost immediate implementation. Any specific support is offered in the form of services (of course invoiced).

The second is Lucca, a solution with a sleek design, built on a modular model (8 modules grouping the different HR processes) that can be subscribed to independently. This is also a very nice solution. The design is very sleek, and the handling is simple for the end user. Although this solution is very attractive, I have two reservations. The first one is that the implementation requires the intervention of an expert (who is charged) and the price list, for small structures, is not the most readable and the least expensive. The second downside concerns the backup of the back-up, if the hosting is sovereign, the back-up is at Microsoft, even if it is on a data center in Europe and encrypted, it is for me a small shadow in the picture.

 

Conclusion

 

For companies looking for an HRIS, there are French solutions that are real alternatives to the solutions of American digital giants. They offer a better protection of your personal data, and in addition the sales and support teams located in France, offers a quality of relationship often closer compared to the big solutions.

For HRIS solution providers, and more particularly French ones, I would find it interesting to see an evolution of platforms allowing different hosting by geographical zone, we know for example that Russia asks that Russian citizens’ data be hosted in Russia. China (Magazine-Décideurs) is also adopting a data protection regulation, even if the intentions are not the same as our RGPD, it is clear that a number of countries are taking protection measures, and that in the long term this will raise questions about the way we build our HRIS.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Leave a comment
scroll to top