It’s hard to overstate how important a great HR Tech stack is to your recruitment process. It helps get the right candidates in one end and great hires out the other. But added technology of course means more opportunity for security breaches, and with them the millions of dollars in lost productivity, time-consuming fixes or big fines under the likes of the GDPR.

After all, most technology involves handling data in a more useful way – that means you’re trusting a third party with information about real people and real lives. Best-case (and most likely) scenario is that nothing happens and everything is fine. But the worst case is pretty bad, so it’s worth preparing for it.

While that new HR Tech provider might have just the feature set you need, they’ve also got to bring the security goods – and you need to put security on your mental whiteboard under “priorities”. It’s about protecting your organisation and your candidates, rather than seeing it as just another box for your tech team to tick. So before you hand any potential new HR Tech providers over to your CIO, here’s what to ask.

Four non-technical questions to ask any new provider

1. What are you doing about GDPR?

GDPR (General Data Protection Regulation) has some very strong opinions about how you protect data. It’s a Europe thing, but since we’re all linked online, it reaches far beyond that. The GDPR, which came into effect in May 2018, has made data breaches very big, very expensive problems – even if they happened in a third-party system (like in your HR technology).

In January of 2021, Spanish bank Caixabank was hit with a six million Euro fine. A few days earlier, online retailer was fined an eye-watering 10.4 million Euro.

So yes, you want it watertight across all of your providers.

So, ask your provider what they’re doing about GDPR. Look for reassurance that the data held in the HR Tech provider’s system is automatically encrypted, which helps side-step a lot of issues (and fines) if there’s ever a breach.

2. Does a third-party expert assess your software security?

The only acceptable answer is, “Yes! Here’s all this wonderful documentation to prove it.” That tells you that they’re actually taking your security seriously, instead of just writing nice web pages about it. Because outside experts are paid to find holes in their security infrastructure, the report itself is also useful – it gives you a real insight into the state of their systems.

3. What’s your plan if there’s a breach?

Even the most watertight system has a fatal weakness – people. One study suggests that human error could be responsible for as much as 95% of all confirmed breaches. Since you can’t get rid of the humans, you’ll need to plan for a breach – what will your potential HR tech provider do? They should have an effective disaster plan that will reduce your system downtime, limit recovery costs and secure your data again fast. You want the HR Tech-equivalent of a survivalist bunker with a year of canned food and water.

4. How can I check up on you?

You check up on a candidate’s claims, so do the same for any provider. Good vendors will connect you with past or existing customers and might have (or be working towards) ISO certification.

Make life easier: ask the hard security questions

Major breaches are so rare, it can be easy to forget they can (and do) happen. But the fallout, especially now that GDPR auditors are looking over your shoulder, can be major – financially and reputationally. That means security is now everyone’s problem, not just the IT department’s. So, sure, leave the tech questions to the tech people, but you can perform due diligence too. Ask for references, documentation and a solid disaster plan, so you know you’re covered whatever happens.

Thinking of adding Weirdly to your HR Tech stack? Not at all surprisingly, given we wrote this article, we can answer these questions (and more!) – get in touch.