It’s a digital world – so what?

If you have bootstrapped a business, as I have more than once, then you will know that you just have to embrace #digital technology.  At a micro scale that is easy with plentiful applications and services a click away in the #cloud.

When you are a big business with a legacy of technology accumulated over many decades and with people and processes linked to the evolution of that legacy it is much harder to adapt.

Couple of thoughts on this.

Spotted this article from heavy hitters McKinsey and a worthwhile read.

Of course there is always a gulf between the theory and practice and that is why I co-wrote a book Thinking of..Building a Microsoft Cloud Operating Model Ask the Smart Questions at that digs deep in assisting the business and technology teams to collaborate on ‘making it happen’ as McKinsey describe.

I have 5 copies of the book to distribute to the first five people to respond to this post.  All you have to do is to reply to this question by email to by 15 June 2019.

Q.  What is the difference between agile and Agile?

There is no right or wrong answer!

GDPR turns 1 year old

In 2108 I completed a course at Henley Business School under Professor Ardi Kolah to get under the bonnet of GDPR.  Brilliant course lasting 6 months with 6 tough exams to pass with 80% pass mark.  I have since conducted a GDPR review for a charity, investigated the market for outsource Data Protection Officer (DPO) services and run procurements to appoint a DPO service.

 Is it working out as intended?

Many think of GDPR as a compliance exercise whereas Henley looked at it from the point of view of business continuity that incorporates compliance.  That changes the perspective of the board and senior management team to consider the risks in a different way, e.g. what would be the impact on the business if we were forced to stop processing data by the Regulator?

GDPR is still a hot issue and should be on every board agenda and included under a governance review.  As the Data Protection Authorities (DPAs) exit the bedding-in grace period expect a harsher regulatory regime and fines to increase.

So, one year on here is a state of the nation infographic by IAPP.

There is also a report at

What did you just say?

In a random conversation exchange it was spoken: ‘A charity that has had a data breach may choose not to report it for fear of harming its reputation and losing donor support’.  I was shocked!  This thinking will only further harm the reputation of the charity sector.

If there is potential harm to those data subjects, as a result of a data breach that you as a Data Controller or Data Processor has responsibility for, then YOU MUST report it to your DPA within 72 hours of it coming to your attention.  Your reputation or financial position is no reason not to report a notifiable incident and will only result in much heavier fines when this later comes to light.

Europe lead the world in regulation that protects the rights of citizens – you need to be aware of what they are:


Cloud Operating Model

Talk to a MBA student and they will tell you about the ‘models’ they learn and how they shape organisations.

For the first time in my life as an author I have contributed to a team of authors writing about a model that is topical as cloud computing is now mainstream in organisations of all sizes.  Indeed, a business I am bootstrapping relies totally on cloud services from Microsoft, WordPress, WooCommerce, Xero and some IP delivered in the cloud that is secret.

A model for Cloud Computing

Who needs a model?

Large organisations that have complex IT and total reliance on the functioning of IT 24/7 to support their day-to-day business.

Why is that?

We answer that in the book about the phenomenon that is ‘cloud’ and how that is transforming how organisations organise their work.

The book is in two volumes, one for the business (written in business speak) teams and one for the technical teams.


What can you expect #Agile #BusinessModels #DigitalTransformation #Azure #Governance #AI #BigData #IoT #RPA #Mobility #Knowledge #SmartQuestions #RealWorld Experience #OverToYou

The authors are grateful to our reviewers:

“Building a Microsoft Cloud Operating Model is a must read for leaders looking to understand how the rules of the game have changed, and importantly how to unlock the value that comes with the right model, great technologies and engaged people.

I love the fact it’s practical and serves as a useful guide for those driving change and innovation in their business.”

Clare Barclay, Chief Operating Officer, Microsoft UK

Interested?  Click here for more information.

D Day for Digital in the boardroom

Is the new face in the boardroom a digital NED?  If it is, what is expected of them and what are their challenges given the reported low level of digital savviness in the boardroom?

It is going to be different for every organisation influenced by competitive forces and what disruption is occurring as a result of the exploitation of digital.  That word digital is hard to define precisely and it is easier to think about its impact in ways that we have experience of; how we buy and sell, how we access government services, how we book a holiday, how we bank and the list goes on.  It is getting harder to name a sector of the economy that has not been impacted by digital.

With so much digital already put to work I am curious to know what is expected of the digital NED?

On 14th November 2017 Harvey Nash and London Business School Leadership Institute launched their report on what is happening in boardrooms against what they describe as a steady state of volatility and uncertainty.

The report delivers many insights into the working agenda of the board and the stand out for me was that ‘digital skills will be the most required specialist competency for non-executives over the next five years’.

Click here to download the report

The report drives home the digital theme:

Reporting on What Makes a Good Chair?  Answer – Be Digital aware

Reporting on Facing Up to Digitisation:

  • Recognise and plan for digital vulnerabilities
  • Widen the search for digital talent
  • Acknowledge that digital risks can bring great rewards

I started looking for an example of a well known business that put digital to work and the history after its implementation.  Click here for two short two minute videos that tell an interesting story about the digital transformation of a business.  That business was subsequently acquired and its capability to serve customers enabled by its digital transformation was a key decision factor for the acquisition.

Here are the reasons the CEO of the acquiring organisation gave for the acquisition: ‘the rationale for the takeover is to help shift (acquirer) towards modern online and convenience shopping habits . Underneath what we are buying [acquired] is the ability to deliver very quickly to wherever shoppers are in the UK.  Care to guess who the acquirer and acquired were?  The videos provide the answer.

Here is the thing, the CEO did not use the word digital once, it was the impact of digital and how it served the acquirer to better serve its customers.  I guess that’s the bottom line to figure out – the impact and how that is measured.

How real is this enthusiasm for the digital NED?  I found that in a blog post by Warren Partners (a leading UK executive search firm) with their tips on landing a digital NED role and what’s on the mind of the Chair that will interview you.

Korn/Ferry Institute published a report ‘The Digital Board – Appointing Non-Executive Directors for the Internet Economy’ a comprehensive read and they answer the question I set at the beginning of this blog.

What is expected of the digital NED?

Click here to access the report.



I have written about digital transformation previously and you can follow these links to read more.

















The science of business

I have been connecting with start-ups and starting up my own ventures and wondering; what is the secret sauce that turns an idea into success?

I have written about this before and now add to that some new thinking.

My starting position is that most businesses I connect with have a dependancy on technology, either they are selling it or relying on it as the enabler for what they have to sell.

For the business that is out to develop tech and then sell it, one of the failings is too much attention on the product and not enough attention on the customer. What use is a product if you have not established who will buy it and why and how you will attract that customer audience?

And if you are relying on tech to get your product to market then you have to understand the customer experience and know how they want to search for, select and buy, rather than how you prefer to sell to them.

It’s complicated, which is why so many startup businesses fail.

From Project to Product, learnings from my work with the EU Horizon 20:20 CloudWatch2 program.

The TMARA Group, a business that I met at a Catapult event helping innovators maximise their opportunity to succeed.

Between the two there is need to know science about turning an idea into a business, because it rarely happens just like that.

Collaboration is about letting go

As I kick start another new business venture in 2017 one decision I face is – how much control do I want to have?  As I contemplate this my copy of the IoD Director magazine arrives with an article by Simon Sinek with advice.

screen-shot-2016-12-28-at-08-49-29Simon delivered one of my all-time favourite TED Talks ‘How great leaders inspire action’ with over 29M views and I have used it myself a number of times when consulting clients to stimulate the brain before getting down to business.

Collaboration and letting go

Simon’s advice is to ‘surrender sole control and collaborate to achieve real growth’. He goes on to talk about give and take and delegation to use other people’s talents. He then switches to discuss that when people are promoted they usually don’t get any training as they move into leadership roles. That is more easily addressed in a big company than a SME, even so Simon’s advice is that senior execs need to invest in their own leadership development if they are to maximise the potential of their people.

I looked for evidence to support Simon’s views and found the report of the Chartered Management Institute click here to read that.

screen-shot-2016-12-28-at-09-15-30From that report this graph (apology for quality) highlights two areas for improvement. Change is hard and the table highlights it as the top organisational activity so that senior managers are ‘on top of their game’.

The ‘out of touch’ is something that Simon commented and that raised a whole bunch of questions in my mind.

Remaining relevant

Switching direction now: The Economist report ‘Lifelong learning is becoming an economic imperative’ commented: To remain competitive, and to give low- and high-skilled workers alike the best chance of success, economies need to offer training and career-focused education throughout people’s working lives.

That got me wondering if there a link between ‘out of touch’ and ‘lifelong learning’?

Top Tips

Something unusual happened after I posted this blog. Yup, someone contacted me and made a good recommendation and I am sharing it with you.

The simple truth is that the most successful people are dedicated to constantly learning.  Click here to read the article and small steps you can take to develop a lifelong habit of learning.

How relevant is your brand?

How relevant is your brand and how near are you to fame or failure?

Off the back of Cloud Expo 2017 I have been thinking about the names (brands) that were exhibiting and how many new names showed up as exhibitors. Cloud is hot so it is no surprise that new businesses are chasing the opportunities of a high growth potential market. Also the Expo had an elevated presence for the Internet of Things (IoT) that has names that are not commonly associated with cloud computing as well as cloud names crashing the opportunity (and why not).

Brands come and go

Do you know where you are on your brand journey?

Starting out?

Tipping point?

So hot now?

Turning point?

Tanking point?

It is all about relevance. So where are you on your brand journey?

Your brand journey

How would describe your brand journey and where are you on that journey?

Don’t sweat to much on the answer take a look at this video (it is 7 minutes long) and then take the survey at the end.

Data is the new Oil

At a recent meeting I heard the expression ‘Data is the new Oil’ for the first time.

When you hear this, what does it conjure up in your mind?

Does it translate as data is the new oil of business?

The digital onslaught

It is hard not to have a business conversation without mentioning ‘digital’ and the new buzzwords are digital transformation and business transformation. I have not heard from anyone a convincing definition of what these mean.

What I have heard is the importance of data and how that can be transformative and I have personal experience of this. On one scale it can be the deep analysis of a small dataset that reveals new insights that support better decision-making through the analysis of a big dataset (Big Data) that can swamp you with riddles.

The ‘e’ fear

Just as oil has the ‘e’ fear where ‘e’ in this case is environment, so too does data has it’s ‘e’ fear being exploitation. There is huge debate that is growing in passion about data privacy (it affects everyone potentially and more so those that are online junkies) and how their personal data is exploited.

Fear not, your defender is the ICO

The Information Commissioners Office (ICO) is your defender and their documents may not be high on your must read list yet the contents provide reassurance that your privacy is important.

Politicians have stepped up to the mark in defence of privacy and the General Data Protection Regulation (GDPR) comes into force 25th May 2018 and  the financial penalties under this regulation are greatly increased over those permissible under UK law today, being capped at £500,000. This has increased awareness of the importance of good governance in respect of processing and controlling data .

I sit on the board of the Federation Against Software Theft (FAST) and benefit from the expertise of people like Julian Hobbins General Counsel at FAST who writes a monthly bulletin on legal matters of interest to the IT software community. I copy below his latest bulletin and give full credit for his work.

Big data analytics and the ICO

“Big data analytics” – a concept so in vogue that the term has become a buzzword. Quick to point out that it is “no fad”, the Information Commissioner’s Office (ICO) last month published its second paper on the subject. The paper provides an illuminating discussion on some of the key issues surrounding big data and how it can be reconciled with data protection principles. However, before taking a look at this in more detail, it first seems necessary to clarify just what the term “big data analytics” means.

“Big data”, “AI” and “machine learning” are terms often used interchangeably. Although closely related concepts, there is a notable distinction.

Whilst there is no single definition, the term “big data” essentially refers to colossal datasets of real-time data from a multitude of sources. Its size and complexity means that it is difficult, if not impossible, to analyse using traditional data analysis methods.

“AI” or “artificial intelligence” refers to the computational power capable of intelligently analysing big data.

“Machine learning” is a phrase encompassing the range of intelligent techniques and tools that sit behind AI. These mechanisms (based on complicated algorithms) allow computers to “think”, adapt and respond autonomously accordingly to the data being processed. This means that computers can process and interpret big data with the insightfulness of a human (although not always through using the same anthropic rationale).

Together, these three terms are often referred to as ‘big data analytics” or simply “big data” and, for simplicity, these are the terms used throughout the remainder of this article.

Because big data analytics is such a sophisticated and complex approach to data processing, it has significant implications for data protection and privacy. It is therefore important to have an awareness of these implications whenever personal data is involved. Whilst the brevity of this update does not allow for an in depth look at the data protection implications of big data analytics, it does allow for a brief comment on some of the main points to take from the ICO report.

One of the key concerns flagged by the ICO is the possible conflict between big data analytics and the requirement for fair and transparent data processing. There is often a supposition that big data analytics is so sophisticated as to be somewhat shady or sinister.

The question of privacy

This therefore poses the question of whether big data analytics has an intrusive effect on individuals; for instance, where big data is processed for the purposes of automated profiling. In circumstances such as these – where big data is used in a way to make decisions affecting individuals – the ICO reminds organisations of the need to consider principles of fairness. Similarly, the ICO emphasises the importance of expectation and considering whether individuals could reasonably expect their data to be used in the ways that big data analytics facilitates.

The complexity of the machine learning underpinning big data analytics means that transparency is another key issue. Not only can the opacity of the processing create problems for individuals whose data is being used, it can also lead to difficulties when obtaining meaningful consent to the processing of personal data. This problem is further complicated due to the experimental nature of big data analytics, which means it is not always practical to give consent at the outset.

The matter of compliance

Whilst the above provides a flavour of some of the concerns discussed at length in the ICO report, it seems appropriate for this update to conclude by focusing attention on the overall stance of the ICO on the subject. However, before doing so, it is worth very briefly mentioning the number of “compliance tools” suggested by the ICO. These are measures, such as anonymisation, designed to help organisations comply with their data protection obligations in a big data context.

As the recommendation of these tools would suggest, the ICO is clear in its view that it is not a case of big data or data. Rather, the ICO endorses the view that big data is compatible with current data protection legislation. It also recognises and accepts the many commercial benefits of big data analytics across vast swathes of the public and private sector. Nevertheless, there is no denying that the volume, variety and complexity of big data present numerous problems for organisations that must adhere to legislative obligations.

Big Data  Data Protection

The ICO’s focus is very much on how big data analytics and data protection can co-exist harmoniously. Data protection is not a blockade to big data analytics. Instead, a sensible, well managed and pragmatic approach is encouraged towards meeting data protection requirements and upholding key principles such as fairness and transparency.

How the ICO manages the tension between big data and the obligations on business to protect personal data under the GDPR will be one the ICO’s biggest challenges in the years ahead, especially after Brexit when the British Government will have greater freedom to legislate in this area. It is important for industry that the ICO, in managing that tension, does not implement the GDPR in such a way that it threatens to stifle innovation and the enormous potential commercial and social benefits that big data can deliver on.

A Big Read and I hope you found it informative.

Green is a good way

I rely on the Internet in so many ways and every month I get a bill for my energy consumption and it hadn’t really occurred to me what energy I consume to serve up my Google searches, Office 365, Twitter and everything else I do online.

Who’s counting?

Operators of data centres, and there are some whoppers out there, consume a lot of energy and they are highly motivated to reduce energy consumption as that is a big cost.

In the UK under the Companies Act 2006 (Strategic and Directors’ Reports) Regulations 2013, quoted companies are required to report their annual greenhouse gas (GHG) emissions in their directors’ report.

In the case of a quoted company the strategic report must, to the extent necessary for an understanding of the development, performance or position of the company’s business, include—

(b) information about—

(i) environmental matters (including the impact of the company’s business on the environment)

If a company uses public datacentres and many do then that is part of their carbon footprint.

The guardians of our environment Greenpeace are also counting. You can read their report and naming and shaming of dirty energy users and praise for exemplar companies like Apple heading up the list.

Screen Shot 2017-01-16 at 22.16.17

Screen Shot 2017-01-16 at 22.24.10

Got one of these?

Have you seen this before?   Screen Shot 2017-01-16 at 22.25.15

Screen Shot 2017-01-16 at 22.26.25It now lives on my Google toolbar and when I visit a website it tells me about the green credentials of that web site. Here I am on and this is what I see.

You can get the app with the Screen Shot 2017-01-16 at 22.25.15 by going to the Google Chrome Web Store

I don’t know about you but I really like this. It does not have a scorecard for every website but it does for the big providers that are serving very large numbers of users e.g Google, Apple, Microsoft and IBM.

I wonder how much this might influence those businesses under reporting regimes when choosing their provider?

Public sector doing their bit

Screen Shot 2017-01-16 at 22.53.42

The public sector need to demonstrate its green credentials and the EU has launched the EURECA survey (only Public Sector invited to participate) with the aim to ‘helping to improve the energy and environmental performance of data centres’ used by the public sector.


So having dealt with the green issue, what about risk? As a business becomes dependant on a third-party such as a datacentre provider to deliver business critical resources then that has an associated risk. Click here to read the Data Centre Risk Index 2016 published by Cushman Wakefield. I promise you it offers a few surprises!

Cyber security your responsibility

The Uk’s National Cyber Security Centre (NCSC) was officially opened on the day of love, 14 February 2017. However we are not in love with cyber it is a nasty evil that is a global threat to individual citizens, businesses and governments.

As I prepare to chair the Cloud Expo Security theatre on March 15 at Cloud Expo I have been researching recent news and the most prominent is the opening of the NCSC.

Here is what the Chancellor of the Exchequer said at the launch of the NCSC: ‘Our digital sector is also the best in the world – contributing a bigger proportion of our GDP every year than any other country in the G20.’

The UK is a big target for cyber criminals. He went out to quote:

  • 83% of UK businesses are online
  • 65% of large businesses reported a cyber breach or attack in the past 12 months
  • The ONS estimate that there were two million such incidents (cyber) in the past twelve months alone. If these numbers were included in our crime figures, the UK’s crime rate would double

A report dated December 2016 ‘Cyber security regulation and incentives review‘ is a worthwhile read as it sets the UK government’s policy on how it will combat cyber threats.

Here are some notable extracts (my emphasis in bold) from the report and I encourage you to read the whole document (27 pages).

The responsibility for keeping the UK, its economy and its citizens safe is shared. Every business, charity and institution up and down the country must realise that cyber security is their job as much as it is Government’s. Only when the effort is concerted and persistent can we fully tackle this challenge.

Effective cyber security risk management is vital to the success of the UK economy and to ensuring the safety of citizens. However, Government is clear that any interventions need to be proportionate. It does not want to overburden businesses and organisations with unnecessary regulatory requirements.

For now, Government will not seek to pursue further general cyber security regulation for the wider economy over and above the GDPR. It should ultimately be for organisations to manage their own risk in respect of their own sensitive data (e.g. intellectual property) and online presence. The Review findings also suggest that the impact of other regulation would anyway be limited, and unlikely to be effective enough to outweigh the burden on business. Imposing specific requirements could also encourage a ‘compliance’ culture rather than proactive cyber risk management. Government will however pursue a number of new non-regulatory interventions to incentivise better cyber risk management, in support of the existing business engagement strategy. These will mostly be delivered through the National Cyber Security Centre, providing advice and guidance to organisations and incentivising them to improve their cyber security risk management.

There is still time to register for Cloud Security Expo 2017 Excel London on March 15 2017 at

This article was also published on LinkedIn on 4th March 2017