Big scale HRO and the legals

As outsourcing HR becomes increasingly common

As outsourcing HR becomes increasingly common, Kathryn Dooks, Employment Partner and Paul O’Hare, Head of Outsourcing at Kemp Little LLP, provides sound advice on current legislation governing outsourcing core HR functions.

Historically, companies tended to outsource individual “transactional” HR functions, such as payroll or recruitment, functions which can often involve low levels of complexity and “value add”. Outsourcing such functions freed up more time to focus on more strategic HR issues. These “single function” outsourcings remain very successful and the market for each type grows at a healthy rate each year. As these “transactional” HR services are relatively straightforward and low risk there are far fewer legal considerations when outsourcing such functions. Now, multi-national companies are increasingly outsourcing broader HR compliance functions, as a means of saving cost and focusing staff on core business lines. Whilst these larger, multi-function deals have been around for a long time, employers remain concerned about outsourcing functions which are perceived to be risky and bound up in reputational issues, especially as ultimate liability remains with them. Part of the solution is to rather than simply outsourcing a problem, understand your obligations, clearly map your policies and procedures to the supplier’s solution and have appropriate oversight of the outsourced function. Procedures for internal auditing and performance and compliance reporting should be established.

It can be difficult to apply KPIs to outsourced HR functions which are less “transactional” in nature, as the appropriate indicator is a qualitative rather than quantitative one and therefore, by its very nature, difficult to measure, other than by employee satisfaction surveys and so on. These deals can often involve an overlap between the responsibilities of the employer and the supplier. In such circumstances, the parties should take care to clearly define where the employer’s responsibility stops and the service provider’s responsibility starts, to avoid issues falling between the cracks. Where responsibilities overlap, detailed service descriptions are key.

In addition, HR directors are increasingly using Cloud-based HR systems or ‘Software as a Service’ (“SaaS”) solutions as a cost-effective and efficient way of managing staff and HR data across the world. Cloud solutions can raise a number of data protection and security issues, particularly in an HRO context. Part of the challenge is that a typical “public” Cloud is a “one-to-many”, uniform solution with very little opportunity for the buyer to customise its requirements or the applicable contractual terms. The supplier decides where to store the data (which can be outside the EEA) and often can move it around different data centres across the world. The buyer remains responsible for employee data stored in the Cloud by the supplier. This may cause difficulties given that it is not always possible to determine the precise physical location of the data. Careful thought should therefore be given to whether a typical ‘public’ Cloud is the most appropriate type of solution available and what employee data should be stored in the Cloud. A buyer will want to ensure that the transfer of such data into the Cloud and by the supplier across the internet between data centres is secure and that data is encrypted.

The transfer of data into the Cloud means that the employer is caught by the data transfer rules within the Data Protection Act. Personal data may only be transferred to countries outside the EEA if: (i) the data subject has consented to the transfer; or (ii) the transfer is made on terms that are of a kind approved by the Information Commissioner as ensuring adequate safeguards for the rights and freedoms of data subjects; or (iii) the transfer has been authorised by the Information Commissioner as being made in such a manner as to ensure adequate safeguards for the rights and freedoms of data subjects. Typically, employers rely on employee consent.

Employee consent is also required if the Cloud solution involves the processing of any sensitive personal data, such as medical records. In any event employees should be informed of the way in which their personal data will be gathered and processed, either in the contract of employment or a data protection policy. As suppliers become more sophisticated in the HRO market, buyers become more comfortable with managing the risks around HRO, and with pressure on HR Directors to continue to cut costs and maximise the strategic role of the HR function, we are bound to see an increase in the scope of HR functions which are outsourced in the future.

Kathryn Dooks, Employment Partner
Paul O’Hare, Head of Outsourcing
Kemp Little LLP
www.kemplittle.com

Read more

Latest News

Read More

Bridging the gap between human interaction and the rise of AI

22 November 2024

Newsletter

Receive the latest HR news and strategic content

Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

Latest HR Jobs

University of Oxford – Nuffield Department of MedicineSalary: £27,838 to £31,459 per annum (pro rata). This is inclusive of a pensionable Oxford University Weighting of

JOB TITLE: Hotel Manager – FTC 12 months – January 2025 start LOCATION; North West England SALARY: Around £45,000 per year plus performance-based bonus, rewards,

We are seeking a dynamic and driven Human Resources Officer to become a key player in The Welbeck Team In this exciting role, you’ll invent

Read the latest digital issue of theHRDIRECTOR for FREE

Read the latest digital issue of theHRDIRECTOR for FREE