Gaucho & Cau Restaurants Take on GDPR
If you’ve been keeping up with GDPR news over the last few months, you’ll have seen the various stories about how big brands are tackling GDPR. One of the most notable cases saw Wetherspoons deleting their entire customer database rather than risk another breach like the one they experienced back in 2015. Under new GDPR laws, this would have cost them 4% of their global turnover!
It’s been clear that many companies were unaware of the sheer number and scale of actions needed to become compliant. GDPR is not just a box-ticking exercise, but a change to the culture of how data is collected, processed and stored. Boutique-style Argentinian restaurant chains Gaucho & Cau are among the few businesses that tackled GDPR head-on and embraced the change. Rather than seeing GDPR as a chore, Gaucho & Cau took it as a chance to re-evaluate their whole ethos around how they handled data, with cyber security playing an essential part.
According to a Big Hospitality business profile from 2011, the Gaucho Piccadilly branch was taking more than 1,000 orders a day. Now that it’s 7 years and several restaurants later, you can only imagine how many customers they see in a day UK-wide and, therefore, how much customer data they must handle.
With May 25th looming, Jonny Fox, Gaucho & Cau’s Head of IT, enlisted the help of TechQuarters, a GDPR consultancy and technology solution provider based in London. TechQuarters’ GDPR team, made up of a Business Process Consultant and a Technology Consultant, helped Gaucho & Cau to tackle the monumental task of becoming compliant. Fox said of the experience: ‘TechQuarters GDPR services hit the spot, with great advice on both the business and technical processes.’
TechQuarters kicked off the project with a technology audit focusing on where the data was stored, followed by a gap analysis against the 99 articles of GDPR. The long-term aim was to avoid breaches and to implement policies and technologies that stop data leakage. The audit identified 340 endpoints that could be holding personally identifiable information (PII), so Microsoft Enterprise Mobility Suite and Security (EMS) was implemented to manage all the endpoints and servers that hosted this data. To reduce user errors that may result in data breaches, such as clicking on unverified links in spoof emails, TechQuarters recommended anti-threat protection (ATP) and multifactor authentication.
Fox knew that GDPR compliance was not just a one-off project; it was an ongoing change in attitude towards customer data. Gaucho & Cau enlisted GDPR champions within every area of the business, from Restaurant Managers to the HR Director, and introduced new policies ranging from shredding paper copies of forms to ensuring data is only saved in the dedicated locations. From now on, Gaucho & Cau will also be holding regular committee meetings to ensure the business processes TechQuarters introduced are not only abided by but also updated in response to any regulation changes or new procedures.
While a lot of other companies were simply adding a checkbox to the bottom of their newsletter sign-up, TechQuarters were training Gaucho & Cau on the process of notifying the ICO of any data breach within a 72-hour service level. They also helped implement a procedure for responding to subject access requests and install a tool with a highly tuned algorithm that can search for multiple kinds of PII across systems, from credit card details to IP addresses.
Gaucho is the perfect example of a company that took on the challenge of GDPR with gusto. The project with TechQuarters spanned a total of just 2.5 months, and the two continue to touch base, with ongoing support and advice ensuring that the culture of data security and careful data management continues and evolves accordingly.