HR service provider Randstad plays it safe when it comes to data protection
In this article you will read about,
why the HR service provider Randstad was looking for a German hyperscaler,
how the Open Telekom Cloud ensures full data protection in accordance with the GDPR,
and why bare metal servers are so important for Randstad's IT.
In the office or in the public administration, in the factory or in the store: When there is a shortage of personnel, companies turn to Randstad to fill the vacancies quickly. Conversely, applicants go to the HR service provider to find a suitable job – from temporary positions to permanent roles.
In order to place personnel as effectively as possible, Carsten Priebs, CIO at Randstad, and his team are digitalizing a growing number of processes in the company, particularly at the interface between Randstad consultants, clients, and candidates, i.e., the successfully placed applicants. At the heart of the digitalization are the HR service provider's e.solutions: various applications in which time management, personnel planning, and other information relating to employment come together.
Privacy policy always in view
At the heart of the e.solutions is the "MeinRandstad Portal" for decentralized time recording, which was developed by the IT service provider Kretschmer + Partner, based in Heilbronn. For more than 15 years, the two companies have been working together closely and in a spirit of trust to successfully shape Randstad's digital ecosystem.
While the candidates book their working hours in the MeinRandstad Portal, the customers use the software to check invoices. There are also various apps associated with the portal that candidates can use to view their shift schedules, submit vacation requests, chat, or coordinate training measures. "A lot of information in the portal and apps is linked to personal data, which we have to protect, in particular due to the European General Data Protection Regulation (GDPR)," says Rosa Rodriguez Fernandez, the manager responsible for e.solutions at Randstad. Ensuring data protection is, therefore, a high priority for the management at Randstad.
After ECJ ruling: Removing legal gray areas
While Kretschmer + Partner initially operated the software for Randstad in its own data center, it then moved to the cloud of a US hyperscaler in 2016. At that time, the "Privacy Shield" data protection agreement regulated data processing between the European Union and the United States. The background: According to the GDPR, all data transfers to countries outside the EU must ensure that the level of data protection in the destination country is equivalent to that in the EU. However, the European Court of Justice (ECJ) recently concluded that the Privacy Shield cannot guarantee adequate protection.
Following the ECJ decision to overturn the Privacy Shield with its ruling on Schrems II – named after Austrian privacy activist Max Schrems – in the summer of 2020, there is no longer an official policy for processing personal data in the US. As a result, since US hyperscalers are subject to US legislation such as the Patriot Act, US authorities can access personal data without a court order. For Carsten Priebs and his team, it was therefore clear "that we had a major task due to the legal gray area in terms of data protection."
With the Open Telekom Cloud, we can ensure that all sensitive data stored in the MeinRandstad Portal remains in Germany.
– Carsten Priebs, CIO at Randstad
Wanted: Privacy-compliant public cloud services
It was against this background that Kretschmer + Partner actively sought a GDPR-compliant public cloud for Randstad. The requirements? It should provide the same performance as a US hyperscaler. The company did not want to forgo the numerous technical and operational advantages of the public cloud. However, the cloud had to come from a German provider that could guarantee that sensitive and personal data would remain in Germany. Both the company’s internal legal department and the law firms consulted for advice were in favor of this. They also advised against the so-called standard contractual clauses, in which companies agree bilaterally with a foreign data importer on the level of data protection.
The Open Telekom Cloud met all of these requirements convincingly. "No other provider offered exactly what we were looking for in terms of data protection and hyperscaling. Today, with the Open Telekom Cloud, we use an OpenStack-based infrastructure that can be flexibly developed and scaled. And we can easily integrate technologies such as container services like Docker in the future," says Andreas Müller, managing director at Kretschmer + Partner.
Back-up and data security in the cloud
Since October 2021, the portal and apps have been running productively on the Open Telekom Cloud, including Randstad's messenger app, which was developed specifically for temporary workers' communications. Everything is located in various high-availability zones in Telekom's high-performance data centers in Biere and Magdeburg, so that the data is always redundant. For the back-up, Kretschmer + Partner uses the Open Telekom Cloud object storage service, which is also compatible with the S3 object storage service from AWS. The IT service provider controls the required cloud resources with Auto Scaling and the Elastic Load Balancer. In terms of cyber security, it relies on distributed denial of service (DDoS) protection and other upstream security functions against SQL injection and cross-site scripting, among other things.
One special feature: For licensing reasons, the Microsoft SQL Server database servers must run on dedicated hardware. According to Andreas Müller, this could be easily implemented with the Open Telekom Cloud's bare metal server – also secured in two high-availability zones: "No other German provider could meet this requirement."
Legally secure for the future
Up to 20 million euros or 4 percent of the company's turnover: These are the fines faced by companies that do not comply with the GDPR. In addition, there is a loss of image and trust on the part of customers and employees. Randstad doesn’t have to worry about these kinds of risks. Another advantage: Thanks to the Open Telekom Cloud, the HR services specialist is responding to the needs of its customers, for whom data protection and data security play an increasingly important role. According to Rosa Rodriguez Fernandez, it is now standard in tenders for them to ask where, by whom, and with which IT systems personal data is stored and processed.
Randstad also sees itself as well positioned with the Open Telekom Cloud when it comes to IT infrastructure. Andreas Müller can imagine automating further processes in the cloud and using microservices or Docker containers for this purpose. Since container services require fewer Windows licenses or these can be replaced by Linux licenses, costs can be reduced. In addition, the HR service provider can fine-tune cloud resources and scale them more quickly: Currently, if portal operations require more performance, new server capacity can be added within a few minutes – with containers, this would only take a few seconds.