We want to offer a European alternative without legal grey areas
Interview: Hailey's Head of Legal on data protection that stands the test of time
We sat down with Jakob Iwars, Head of Legal, to talk about why Hailey has chosen to build out legal grey areas from the platform. It turned into an important conversation about trust, transparency and long-term responsibility towards our customers.
"The requirements for privacy and security have always been high for us. Data protection isn't an optional extra when you choose Hailey. We work with it continuously and follow developments in the outside world closely to stay one step ahead."
EU citizens' rights clash with American surveillance
The EU has strong rules for how personal data should be protected. But in the US, authorities have the right to collect data on foreign citizens without informing them. This has created major problems for cooperation between the EU and US – particularly when it comes to the use of American cloud services.
Many European organisations rely on American suppliers based in Europe. But because they fall under American legislation (such as the CLOUD Act and FISA 702), there is legal uncertainty about whether personal data is then sufficiently protected under GDPR.
Several attempts to resolve this through joint agreements have failed. The latest, Data Privacy Framework, is already being questioned because it's built on a political decision that can be withdrawn at any time.
"Even though the agreement promises certain rights, it's hard to see how they'll work in practice when you don't even get to know that your data has been requested."
Hailey processes personal data with EU-owned suppliers
That's precisely why we've chosen to handle all personal data processing in the Hailey platform with EU-owned suppliers – without exception. This applies to user data as well as metadata, logs, operations and backups.
"We've built a solution that doesn't depend on third-country transfers. We have control over the chain – we even scrutinise our suppliers' sub-suppliers. For our customers, this means less risk and less hassle in the event of any legislative changes."
Saying "we comply with GDPR" isn't enough
Jakob is clear that Hailey's data protection isn't built to tick off requirements, but to take customers' security seriously.
"Hailey goes further than GDPR in its data protection work because it's not about where the data is stored, but about who has legal access to it. It's the right thing to do. If we don't take the legal grey areas into account, we also risk our customers' trust."
We're building out legal complexity for our customers' sake
At Hailey, security is a shared responsibility. Legal, product and development collaborate in a continuous process to improve the architecture, scrutinise suppliers and keep policies and agreements up to date.
"It's a long-term responsibility. Our customers should be able to show in black and white that they handle sensitive data in a secure and responsible way, now and in the future."
When you choose Hailey, you get a secure, proactive and long-term HR system that meets the standards of the EU's strong privacy requirements and shows respect for the trust your employees place in you.
"When GDPR leaves room for interpretation, we choose the safe path."
Want to know more about our data handling, our suppliers or how we work with GDPR in practice? Read more here: