When you meet Christian Holthe, CatalystOne’s Chief Information Security Officer, you’ll quickly see why colleagues describe him as both a guardian and a joker. He’s been with CatalystOne for 20 plus years, he’s a passionate gamer, and every Halloween he’s the first to show up in full costume—always ready to bring good humour to serious work.
But behind the laughs is someone who takes data security extremely seriously. And right now, Christian has something big to share: CatalystOne has just completed its move to host all customer data in Sweden.
“This is something we’ve been working toward for a long time,” Christian explains. “Becoming what we call the Nordic fortress for HCM. And moving our infrastructure to Sweden is a huge step in making that vision real.”
For CatalystOne, the move wasn’t about chasing a trend—it was about aligning technology with Nordic values and customer needs.
“This strengthens our ability to serve Nordic customers with better performance, resilience, and scalability,” Christian says. “It’s about preparing for the next decade, not just today.”
From an external point of view, the move offers a range of benefits:
Christian is quick to point out that these choices aren’t just technical ones.
“HR teams are guardians of some of the most sensitive data in any organisation,” he says. “Salaries, performance, health records—this is personal information. Protecting it is about protecting trust.”
That’s why CatalystOne’s model goes further than most.
“Our Nordic-based team are the only people with access to customer environments. It’s role-based, auditable, and controlled. And the encryption keys? We hold them ourselves. Not even Microsoft can unlock them.”
“It’s a fair question,” Christian says. “If US-based providers carry risk, why not switch to a local or European alternative?”
The reality is that over 90% of European businesses still rely on one of the big US data infrastructure providers (should we avoid names or just say Microsoft, Amazon, or Google). These hyperscalers invest billions every year in security, performance, and innovation—things smaller providers simply can’t match right now.
“Moving everything to a niche or national cloud would mean slower systems, weaker protection, and less flexibility,” Christian explains. “In tech, even a year’s delay in innovation is a big step back.”
That said, CatalystOne is not standing still. “We know legal and geopolitical risks are evolving. That’s why our move to Sweden was so important—it’s part of our readiness plan. It ensures customer data is secured locally in the Nordics, while we continue to scenario-plan and strengthen resilience for the future.”
For Christian, choosing an HCM vendor today goes far beyond comparing features or price.
“First and foremost, you want to sign with a vendor who has a modern product, run in a modern cloud environment,” he says. “That’s not optional anymore—it’s a necessity if you want to manage data with the highest level of security.”
But technology is only the starting point.
“When you’ve found the right product, you should look at the partnership potential of the vendor,” Christian continues. “Do you share the cultural fit needed for a long-term relationship? That matters just as much as the tech.”
So, what should HR leaders be asking their vendors? Christian points to a few essentials:
And above all:
“You need a vendor who operates their own platform, plans for the future, and puts customer control at the centre. That’s what builds trust for the long term.”
For Christian, this milestone is also personal.
“As a gamer, I think a lot about strategy and defence,” he says with a grin. “Building a fortress isn’t about locking yourself away—it’s about being prepared for whatever comes next.”
And yes, when October rolls around, he’ll still be first in line to put on a Halloween mask. But when it comes to data protection, there’s nothing playful about his mission.
“This move to Sweden makes CatalystOne stronger, more resilient, and more secure. It’s about building trust that lasts—today, tomorrow, and for years to come.”