Is your digital transformation working? Putting the basics in place

3rd November 2017

Digital Transformation

In the current business environment, it’s not enough to automate processes and increase efficiency. To succeed, companies need to be unique and truly differentiate themselves from the competition. Your customers are demanding a more personalised service, and their expectations about the service they receive from your business continue to rise every day. To meet rising customer expectations around their business, and stay competitive, companies need to move to a relationship/value based interactive model with their customers. This increasingly means starting with the customer impact first on any business project, initiative or budgetary spend. This is where digital strategies start and digital transformation can happen. Many businesses have started ‘digital’ programmes of work, but have not yet seen the rewards of their efforts.

At Wanstor we believe there are 4 things businesses should do before embarking on a digital transformation strategy. Under no circumstances is it good enough to dip a toe into digital transformation. Instead business leaders should either commit to a digital transformation programme of work fully or decide when they are going to commit to it. In summary – undertaking a digital transformation programme to execute a digital strategy is not an easy task and half-hearted approaches simply won’t work.

So what are the 4 things all business leaders should do if they want to successfully execute ‘digital’?

Take the time to develop a strategy

The strategy phase of the digital transformation process should help a business define and understand the problems it wants to solve and how it is going to solve them. The old way of working in business is to start with existing problems and requirements then develop a solution. This approach still has value, but only deals with problems that exist today, rather than looking at potential problems/pitfalls in the future. At Wanstor we recommend when building a digital transformation strategy, businesses should instead focus on outcomes and end goals if they are going to be successful. Ask questions such as – What does success look like? What customer experience do we want to create? What story do we want to tell to the business and customers?

Think about the key themes of your transformation and the experience you want to deliver. For example, a restaurant owner may want to personalise the dining experience further. Now the restauranteur has captured a vision of what they want to do, they now require a programme of work to help achieve the set vision. This is where digital comes into play. The restauranteur wants to create an actionable strategic vision that wraps around business objectives. To do this, they first of all need to identify gaps across people, processes, technology and offerings, and then create a roadmap to success. As well as having a clear plan, it is important that any digital initiative is completed at speed so as to stay ahead of the competition and improve the time to benefit ratio of projects which will affect the business and provide a customer with an improved experience.

Design with the customer experience in mind

Designing any solution to a problem in a digital world should always start with the customer in mind. This means thinking about how customers and staff will interact with technology to improve the dining experience for example. First of all think about focusing on the experiences you want to create for your end-users, not the requirements of the solution. Also consider how you can change the way employees engage and collaborate and the way customers interact with your business. Your goal here should be to build the right experience, and allows your staff and ultimately your customers to reach their end goals e.g. a more efficient front of house operation resulting in a better customer dining experience.

Put the right pieces in place

Having a strategy and a design is a great start to your digital transformation. But if you can’t assemble the right pieces – people, propositions, processes and technology you actually haven’t got anything apart from random parts. At this stage it’s time to start unifying the team, the processes and ultimately start shaping the experience. E.g. A restaurant wants to make online bookings easier on its website. To accomplish this, they need to connect the different points of the customer journey with the booking system. What does the customer do when they land on the restaurants website for example? How easy is it to find the booking application? How is the booking data relayed to the restaurant they want to book a table in? Do staff at the restaurant understand the booking system and the customer’s requirements when they book?

It doesn’t matter how many systems need to be involved, it should all be seamless and easy for the customer who should feel like they are accessing one single system. At Wanstor we usually find for processes like ‘restaurant booking’ most restaurant businesses already have the right pieces of technology and parts of the process, but it’s joining them together that is quite often the problem. The key to success is leveraging all disparate systems, services and existing technologies to power elements of the digital ecosystem. Quite often a simple gap analysis of where you are now vs where you want to get to, highlights areas which need to be joined up or require work for integration. By putting the disparate pieces together ‘digital’ can actually start to become a reality.

Get ready for success

The final piece of the digital transformation puzzle is getting and keeping everything running smoothly. Regardless of your deployment method, you will want to implement a plan for continuous management and support. This starts with a dedicated digital transformation team who can help implement governance and a plan to keep your ‘digital’ roadmap and architecture up-to-date at all times. For IT they should consider adding a shared support structure, along the lines of a shared services centre, with skills across a variety of disciplines, such as change management, process optimisation, and agile management, so they can build repeatable processes that are supported by a dedicated group of experts. If you don’t have these skills in-house, you should find a managed service partner who can supplement the team with these skills.

In summary at Wanstor we usually see digital transformation programmes failing or not delivering the benefits they promise as teams, people, processes and technologies are disconnected. By following the 4 steps above you should have by now, grasped that digital transformation is not just about technology but about business change. Those businesses which put together the right strategy, design, and processes in place will ultimately achieve their digital transformation goals.

At Wanstor we believe ‘digital’ can bridge many business and technology gaps. By bringing together a top-down business approach with bottom-up operational experience ‘digital transformation’ adds customer, employee, and operational value by leveraging disparate products, services, and existing technologies, to create, build, and manage digital ecosystems.

By using digital transformation programmes to innovate and improve, businesses can create a long-term competitive advantage. One that creates improved customer loyalty, more customer spend and reduced business operating costs.

Read More

GDPR is fast approaching – here’s what you need to know

27th October 2017


General Data Protection Regulation, or GDPR, will in many cases revolutionise how businesses process and handle data. Since data protection laws were created in the 1990s, they are now no longer fit for purpose.

GDPR is the EU’s answer to an ever growing problem of data volumes and how organisations are using, storing, analyzing and managing their customers, suppliers and partners data. GDPR will come into force on the 25th May 2018, but many businesses have still not allocated budget, time or resource to the new GDPR compliance guidelines. Because of the fines involved for non-compliance and the potential business benefits it could bring in terms of information management, GDPR is not something that should be ignored.

To help your business understand more about GDPR and what it needs to do in preparation, here is Wanstor’s brief guide to GDPR success.

What is GDPR?

GDPR is the EU’s new framework for data protection laws, replacing the 1995 data protection directive which UK law is based on. The EU’s GDPR website states that the legislation is designed to ‘harmonise’ data privacy laws across Europe, as well as to give greater protection and enhanced rights to individuals. Within GDPR regulations, there are significant changes for businesses who handle customer, supplier and partner information. The 25th of May 2018 is the most important date to remember with regards to GDPR – it is the date upon which this legislation goes live.

Why do we need to comply with GDPR? There are data protection laws in place.

Each member state in the EU operates under the current 1995 data protection regulation and has its own national laws. In the UK, the current data protection act of 1998 sets out how personal information can be used by companies, the government, and other organisations. GDPR changes how personal data can be used, stored and managed. The existing data protection laws in the UK will be updated based on new GDPR guidelines, which that means all businesses in the UK will have to adhere to a new set of data protection policies.

Okay, so the law is changing around data protection. How will my business be affected?

Individuals, organisations and businesses that are either controlling or processing personal data will be covered by GDPR. Both personal data and sensitive personal data are covered by GDPR.
Personal data is identified as a piece of information that can be used to identify a person. This can be a name, address, IP address, email address… you name it, and there is a strong likelyhood that it can be classified as personal data.
Sensitive personal data encompasses information such as genetic data, information about religious and political views, and sexual orientation. These definitions are pretty much the same as those within current data protection laws, and often relates to information that is collected through automated processes.

Where GDPR differentiates from current data protection laws is that data which could be interpreted as personal data may fall under the law, if it is possible that a person could be identified by information they have given which may or may not relate to them.

For businesses, this means undertaking a process of identifying all potential personal data that they hold, identifying where it is stored, ensuring that it is being managed correctly, and guaranteeing that they can delete it if requested. Although this may sound like a simple process, the reality is very different. Many businesses hold personal customer information in silos across the estate, as it is used by different departments for different purposes. So taking the time to identify all potential personal data is a challenging task which must be undertaken by the IT team and functional business units.

So, what’s different to existing data protection rules?

There are 99 articles setting out the rights of individuals and obligations placed on businesses covered by the GDPR regulation. These include allowing people to have easier access to the data that companies hold about them, a new penalty regime and a set of clear responsibilities for businesses when obtaining consent from people that they collect information about. Businesses covered by GDPR will be held more accountable for their handling of people’s personal information. This can include having data protection policies, data protection impact assessments and relevant documents in place on how data is processed.

Under GDPR, the ‘destruction, loss, alteration, unauthorised disclosure of or access to people’s data’ has to be reported to a country’s data protection regulator (the ICO in the UK) where it could have a detrimental impact on those who relates to. This can include issues such as financial loss, confidentiality, and damage to reputation. Under GDPR regulations, the ICO will have to be informed of any data protection breach within 72 hours of a business discovering such an event. Additionally, the people who it may affect must be informed of the breach. This additional stress on the data management process is likely to test even the most robust data management strategies, and is why Wanstor are recommending that businesses take action now to assess where data is stored and to make improvements to information management strategies before the new legislation comes into being. Come the 25th May, it may prove extremely costly should businesses prove unable to locate data which they are holding that is involved in any form of breach.

For businesses with more than 250 employees, there will exist a requirement demanding documentation that justifies the need to collect and process people’s information, describes the information that is held, how long it is being kept for, and descriptions of the technical security measures being employed in order to protect this data. Additionally, companies that have ‘regular and systematic monitoring’ of individuals on a large scale or that process large volumes of sensitive personal data will be required to employ a Data Protection Officer (DPO). For many businesses covered by GDPR, this will mean hiring a new member of staff in order to comply with GDPR regulation.

There will be a requirement that businesses obtain consent for the processing of data in certain situations. When a business is relying on consent to lawfully use a person’s information, they will need to explain clearly that said consent is being given, and there will need to be a ‘positive’ opt-in.

Access to data

As well as placing new obligations on businesses collecting personal data, GDPR also gives individuals greater power to access information that is held about them. At present, a Subject Access Request (SAR) allows businesses and public bodies to charge £10 when releasing personal data requested by any individual. Under GDPR, this will be scrapped, and requests for personal information can be made free of charge. When someone makes a request for personal data held by a business, that business will be required by law to divulge this information within one month of said request. Everyone will have the right to obtain confirmation that a business holds personal information about them and to access this information. Additionally, GDPR gives a person rights around the automated processing of data. The ICO states that individuals ‘have the right not to be subject to a decision’ if it is automatic and it produces a significant effect on their person. There are exceptions to this, but generally, individuals must be provided with an explanation of a decision that has been taken about them.

The new regulation also gives individuals the power to have their personal data erased. This includes where it is no longer necessary for the purpose it was collected for, if consent is withdrawn, there is no legitimate interest or if it was unlawfully processed or collected in error.

What if we get it wrong?

One of the most topical elements of GDPR will be the Regulators ability to penalise businesses that fail to comply. If a business does not process an individual’s data correctly, this will result in a financial penalty. If it requires and does not employ a Data Protection Officer, it can again be subjected to a fine. The advent of a security breach may also present a costly issue to businesses.
These monetary penalties will be decided upon by the ICO; the legislation states that smaller offences could result in fines of up to €10 million, or two per cent of a firm’s global turnover (whichever is greater). Those with more serious consequences can have fines of up to €20 million, or four per cent, of a firm’s global turnover (whichever is greater). Obviously the potential fines are significant, and significantly higher than the existing penalties of £500,000 the ICO is capable of issuing at this point in time.

There is speculation that the ICO will look to make examples at an early stage of businesses which fail to comply with GDPR – Wanstor understands, however, that this may not be case. Standard procedure for dealing with data breaches will be employed by the ICO. In reality, this may mean a letter of warning followed by a small fine for the first offence (depending on the severity of the breach), with larger penalties reserved for cases where gross negligence is indicated.

So how should I prepare my business for GDPR?

When implemented, GDPR will have an impact on all UK businesses. At Wanstor, we suggest the following action now, if this has not already been implemented:

• Undertake a GDPR compliance audit or assessment with your IT partner

• Develop a GDPR compliance roadmap with activity milestones in place

• If your business has more than 250 employees, you will need to recruit a Data Protection Officer

• Identify where new procedures need to be introduced across different business functions

• Recruit a GDPR project team with representatives from IT, Finance, Legal, HR, Marketing, Sales and Operations

• Ensure that data authentication and encryption is up to date

• Schedule training with employees where new GDPR processes will affect job specifications

• Make sure that time is allocated to test new data management policies and processes

• Meet with suppliers and partners to ensure that they are GDPR compliant and do not present any threat in the form of a data breach

• Ensure that clear procedures are in place around the processing and deletion of data

• ‘Right to be forgotten’ requests must be administered within the new GDPR guidelines

Developing the right approach to the rules

In the coming months, businesses can expect an abundance of official guidance from national bodies such as the Information Commissioner’s Office. This will clarify and dictate the detail of what specific industry sectors must do to prepare for GDPR. This does not mean that businesses cannot take the initiative and begin preparing now.

At Wanstor we believe businesses need to evaluate the personal data they hold immediately. In order to do this, a data audit should be undertaken with an IT partner who has a deep understanding of data and information management. Once the this audit is complete, IT teams should categorise the data so that they are clear where sensitive personal data is stored, and where other, less important data resides within the business. We recommend that once the data audit and categorisation is complete, a Data Map is drawn up to help both IT teams along with business stakeholders understand the different sources, patterns and storage areas of data throughout the company – and, most importantly, who owns this data and is responsible for the management thereof.

Once the data understanding exercise is complete, the GDPR project team should then take time to schedule and undertake regular risk assessments, and to ensure that these are executed regularly. This will help with understanding the level of threat imposed on the company when processing data. At Wanstor, we believe that a proactive, risk-averse approach to GDPR is the way forward. This approach will ensure that senior management recognises the dangers associated with the loss, misuse, theft or compromise of customer data.

In summary, IT teams should lead the GDPR project for business. They should take responsibility for making sure that their business, suppliers and partners have effective technical and organisational measures in place so as to ensure the security of data processing.

Read More

KRACK Wi-Fi attack – What you need to know

20th October 2017

patch management

A devastating flaw in Wi-Fi’s WPA security protocol makes it possible for attackers to eavesdrop on data when devices or other endpoints connect to the Wi-Fi network. Dubbed KRACK (Key Reinstallation Attack), the issue affects the Wi-Fi protocol itself, and works against all modern protected Wi-Fi networks. This means that if any device uses Wi-Fi, KRACK is highly likely to impact it. Fortunately, over the course of this week major software and operating system companies have moved quickly to patch the issue. However, issues remain with many users not patching their devices or adhering to IT security best practices.

Read More

The first line of defence – Patch Management
Is your approach effective?

13th October 2017

patch management is your approach effective

Over recent weeks at Wanstor, we have had several businesses contact us about helping them with their IT security strategies, and specifically Patch Management. IT security is and has been for a number of years a real “hot IT topic”. Even though IT security seems to always be in the news, the engineering team at Wanstor are constantly amazed at the number of businesses who are not undertaking basic IT security measures, and leaving themselves open to attack. One of the main causes of IT security attacks on businesses is through devices and networks which have not had a patch management strategy applied to them.

Read More

Restaurant Tech Live 2017 – Where you there? If not don’t worry, here is a brief summary

29th September 2017

Restaurant Tech Live Summary

This week Wanstor attended Restaurant Tech Live at the ExCeL Exhibition Centre in London. For those of you who have not heard of the event, it is Europe’s largest exhibition dedicated to the emerging technology and services that are forming the future of the restaurant industry. The event provides a great insight into the different dining trends of tomorrow and gives restaurant, hotel and hospitality venue managers, directors and owners the opportunity to find the latest products, services, and systems, from across the globe all in one place. In summary the event brings together over 200 cutting edge technology suppliers with thousands of restaurant businesses from across the UK.

Read More

Wanstor is exhibiting at Restaurant Tech Live 2017

10th September 2017

 Restaurant Tech Live 2017

Wanstor are pleased to be exhibiting at this year’s Restaurant Tech Live at ExCeL in London. 

As Europe’s largest exhibition dedicated to technology and services in the restaurant sector, the show provides you with a glimpse into the dinning of tomorrow and will offer you the opportunity to find the latest products, services, systems and advancements in the sector from across the world.

Read More
124-126 Borough High Street London, SE1 1LB
Phone: 0333 123 0360, 020 7592 7860
IT Support London from Wanstor IT Support London