Case study: Gaucho
GDPR and Cyber Security Solution for the Hospitality Sector
Company: Gaucho
Sector: Hospitality
The Scenario
Gaucho is a chain of boutique-style Argentinian restaurants founded in 1976, with 19 restaurants spread across London, UK, Dubai, Hong Kong and Buenos Aires.
Gaucho were looking to tackle the introduction of new General Data Protection Regulations head-on, seeing it not just as a one-off project but a chance to re-evaluate their whole ethos around how they handled data.
Cyber security and procedure implementation were an essential part of this change.
How TechQuarters helped
Jonny Fox – Gaucho’s Head of IT, enlisted the help of TechQuarters, a GDPR consultancy and technology solution provider based in London. TechQuarters GDPR team comprised of both a Business Process Consultant and Technology Consultant.
The project started with a technology audit to discover where data was stored, followed by a gap analysis against the 99 articles of GDPR. The aim was to avoid breaches and implement policies and technologies to stop data leakages. 340 end points were identified that could be holding personal identifiable information (PII), so Microsoft Enterprise Mobility Suite and Security (EMS) was implemented to manage these end points and servers. To avoid user errors, such as clicking on unverified links, TechQuarters recommended anti-threat protection (ATP) and multifactor authentication.
Gaucho enlisted GDPR champions within the business and introduced new policies from shredding paper copies of forms, to ensuring data is only saved in the dedicated locations. Lastly, processes for notifying the ICO of any data breach within a 72-hour service level and responding to subject access requests were introduced. A tool (eSpyder) with a highly tuned algorithm that can search for multiple variables of PII data across systems – from credit card details to IP addresses – was installed to help managed systems ongoing.
The Results
Gaucho is the perfect example of a company that took on the challenge of GDPR with gusto. They were prepared for the introduction of GDPR by May 25th 2018, and have processes and technologies in place to help with compliance and security ongoing. They now hold regular committee meetings with GDPR champions to ensure the business processes introduced are not only abided by but are updated in response to any regulation changes.
The project with TechQuarters spanned a total of just 2.5 months and they continue to touch-base with on-going support and advice to ensure the culture of data security and careful data management continues and evolves accordingly.
‘TechQuarters GDPR services hit the spot, with great advice on both the business and technical processes.’
Jonny Fox – Head of IT, Gaucho