Choouo and Goozo worked together to create a solution that would comply with all of Goozo’s customer requirements from both the private and public sectors. This not only increased the security and legal compliance of Goozo’s solution, but also made it possible to offer greater accessibility and continuity.
Goozo is a product company that develops support for managers and HR departments. With their app-based solution, an HR department can follow up all personnel-related efforts made in the organisation, in relation to their measurements. In this way, the customer can see the effects of their work. Goozo caters to both the private and public sectors. Goozo’s current solution is cloud-based and is operated by Amazon Web Services (AWS). This same solution will now to be delivered to the public sector, and this entails some challenges.
The challenge is that American authorities have the right to collect stored personal information from any company operating in the U.S. that controls and owns its information, regardless of the storage location. This right has been widely criticised from a privacy-protection point of view, since in theory it allows the United States to access information without the need for consent from the country where it is stored. The challenge here is to counteract this possibility by taking technical measures to prevent such data collection from occurring.
Together, Choouo and Goozo developed a solution that meets the requirements of Goozo’s customers in both the public and private sectors. This was carried out by creating environments with technical limitations that make it impossible for users, to activate third-country transfers - even accidentally. There are far-reaching measures for encrypting data, regular testing of backups for increased continuity, and the environments are monitored in such a way that it is possible to provide evidence of key usage and access to data. Goozo commissioned Choouo to develop a cloud-based solution, with AWS ClearStart as its foundation, that would ensure that Goozo’s solution met the public sector’s security requirements. These are based on Swedish and the European Union's (EU) regulatory requirements, including the Law on Public Access to Information and Privacy (lagen om offentlig tillgång till information och sekretess, OSL) and the General Data Protection Regulation (GDPR), as well as recommended measures from the report “Cybersäkerhet i Sverige 2020” (“Cybersecurity in Sweden 2020”).
Choouo used a special method to set up the encryption keys so they can only be used within Sweden. The keys are owned by the end customer and managed by either the end customer or Goozo’s representative. The confidentiality of the data, and thus the personal privacy of the users mentioned in the stored information, is preserved, despite the risk of data disclosure. With Choouo’s solution opened up the opportunity for Goozo to deliver its cloud solutions in the public sector market, as well.
2024 Choouo - All Rights Reserved.