True Diligence: Assessing Reputation

Reputation is everywhere. Whether good, bad or indifferent, every business has a reputation and an initial glance doesn’t always reveal what lies beneath the surface.

It’s easy to form a view on a company’s reputation. Do we know what they do? Do we recognise their logo? Do we buy their products? Does their brand impact our communities or reach the people and issues we care about? How do they handle issues and who represents them?

These elements give us an instinctive reaction to a brand but that can never be enough when it comes to understanding the genuine value and security of a company’s reputation, an essential consideration for any potential partnership, merger or acquisition.

Reputation is fragile, especially in the fast-moving world of social media combined with the transparency and insight we now have into the inner workings of a business. One poor customer interaction or a misguided tweet has the potential to escalate nationally or internationally and can be hard to recover from.

Moving beyond First Impressions

To truly understand the strength and power of a reputation, we need to consider the multiple aspects that feed it, and that’s where True Diligence comes in. Going beyond that initial instinct gives a realistic and honest picture of a company’s reputation, an essential measure if a partnership or collaboration is under consideration.

It’s essential to have a holistic approach. On the surface, the official perspective will undoubtedly convey high quality products or services – but what’s going on behind the scenes? What is the volume of complaints or challenges and how are they handled? Does customer service shine through as a beacon of excellence, with thoughtful, constructive solutions? Are employees willing and loyal ambassadors, sharing their honest perspective of a company they are proud to be part of? Does staff turnover reflect loyalty? How connected are leadership with customers and staff? How loyal are customers or can competitors easily lure them away? Does stakeholder and community engagement matter to this business? How does it happen and does it have an impact?

Combine these factors with media and social media presence and you begin to get to the heart of a company’s reputation.

Fragility Versus Authenticity

Why does it matter? First impressions do count, but only a deep assessment can uncover how a company reputation adds value to the business. Growth targets succeed on the back of strong brands and reputations, and a deep insight into the resilience and multiple facets that drive this intangible asset is key to understanding the future strengths of a business.

Entering a partnership or acquiring a business without this understanding has the potential to devalue the acquisition – or to stall future growth, so reputational due diligence should be an essential step in any such decision.

Contact us to find out how this key aspect of non-financial due diligence can inform your decision making.

Siobhán Lavelle, Cornelle Communications, Associate of Transaction Focus and True Diligence™ Ambassador.




GDPR is about 2 years old and has been a legal requirement for all UK and EU businesses for the whole of that time, and from 25th May 2018 it will be enforced with a system of fines and penalties by the Information Commissioner’s Office (ICO).

The maximum fine for a breach of the regulations is 20 million Euros or 4% of global turnover, whichever is greater, with a 2nd tier penalty of half that amount for slightly smaller firms.

The ICO currently lacks the budget for staff to tackle the smaller UK firms out of the 6.5 million registered at Companies House, Cardiff, but will use fines from large high profile cases to gradually expand its work of policing the regulations and fining companies who are otherwise beyond the reach of HMRC through cleverly constructed offshore arrangements.

Obviously the ICO cannot be too harsh on SMEs because there are 1.8 million “zombie companies” which are in breach of their banking covenants and many fledgling “unicorn” start ups which, if fined too heavily, would be put out of business with their staff turned into benefit recipients unable to contribute to the country’s tax revenues.

The official rationale for GDPR is the protection of people’s data, the ability of consumers to resist “spamming” and unwanted unsolicited approaches from marketing companies, and a “right to be forgotten” subject to certain requirements being met regarding the public interest.

Breach Procedure

Any breach has to be reported to the ICO whether accidental, inadvertent or otherwise within 72 hours and this applies regardless of staffing levels, weekends, Bank Holidays, Half Terms or people being ill.

If Directors “take the company down” on the advice of their accountants or of their own volition in an attempt to evade ICO mandated penalties then the ICO can go through the “corporate veil” and pursue individual directors either for not dealing with known risks properly as they have been required to do since 2006 following the Turnbull Report or it can be brought into the orbit of the criminal law as the ICO Commissioner has suggested might be the case with Cambridge Analytica which was “taken down” prior to “Phoenixing” under a new name.


GDPR has 11 Chapters and 99 Articles and runs to 133 pages.

It has 6 privacy principles which are contained in Article 5.

These are:

1. Lawfulness, fairness and transparency

2. Purpose limitation

3. Data minimisation

4. Accuracy

5. Storage limitation

6. Integrity and confidentiality

Whilst these 6 principles seem to mirror the scope of the existing Data Protection Act, GDPR applies much more broadly which means that existing compliance programmes have to be updated and that what is currently in place is no longer sufficient or fit for purpose.

GDPR creates a need for organisations to map their data flows and conduct or have completed Data Protection Impact Assessments.

These must at least cover the following desired outcomes:

- A description of the data processing and its purposes

- The legitimate interests you are pursuing with the data processing

- An assessment of the necessity and proportionality of the processing

- An assessment of the risks to the rights and freedoms of data subjects

- The measures you envisage to address the risks

- All of the safeguards and security measures to demonstrate compliance with the regulation

- Indication of timeframes if the processing will include the erasure of personal data

- An indication of any data protection by design and default measures

- Compliance with approved codes of conduct

- Details of whether the data subjects have been consulted and have consented

As can be seen, organisations and businesses will have a great deal of work to do to restructure processes and systems to comply with GDPR, and they will need to appoint a Data Protection Officer or have appropriate consultancy and advice, including from the ICO website’s guidance notes, to become compliant.

Beyond these steps, GDPR will have to be incorporated into risk management plans as an additional element of risk which must be carefully considered by the board and minuted along with all other categories of risk.

Achieving Compliance

For large businesses which have not already done so there will be a need to appoint Data Protection Officers and possibly teams of such people, dependent on the extent and complexity of the work, which will of course be ongoing.

Unlike normal employees, you will not be able to dismiss these people as they fall into a ring fenced protected category.

Preparing Now For GDPR

The ICO has provided a 12 step checklist highlighting what needs to be done to ensure compliance by the 25th May 2018, just 15 days away as of this writing.

The 12 points deal with:

  1. Awareness

This means ensuring that decision makers and key people are aware that the law is changing, and for them to appreciate the impact that this is likely to have and identify areas that could cause compliance problems under GDPR.

  2. Information You Hold

This means documenting what personal data you hold, where it came from and who you share it with.

You may need to organise an information audit across the organisation or within particular divisions, functions and business areas of operation.

  3. Communicating Privacy Information

You should review your current privacy notice and put a plan in place for making any necessary changes in time for GDPR implementation.

The ICO’s code of practice covers what form you need to adhere to.

  4. Individual Rights

Under GDPR these are enhanced beyond those of the current Data Protection Act to include the following:

- Subject Access

- To have inaccuracies corrected

- To have information erased

- To prevent direct marketing

- To prevent automated decision making and profiling

- Data Portability

  5. Subject Access Requests

You should update your procedures and plan how you will handle requests within the new time scales and provide any additional information.

  6. Legal Basis for Processing Data

This means looking at the various types of data processing that you undertake and identifying your legal basis for carrying it out.

  7. Consent

You should start thinking about and review how you are seeking, obtaining and recording consent and whether you need to make any change to ensure that you have an effective audit trail.

  8. Children

You should start thinking about putting systems in place to verify individual ages and gather parental or guardian consent for data processing activity.

Privacy notices have to be written in language children understand and consent must be verifiable.

  9. Data Breaches

You should ensure that you have the right procedures in place to detect and report data breaches of a personal nature.

Larger organisations need to have policies and procedures for managing data breaches at central/local levels and bear in mind that failure to report a breach within 72 hours can result in a fine as well as another fine for the breach itself.

  10. Data Protection By Design and Data Protection Impact Assessments

You should familiarise yourself now with ICO guidance on Privacy Impact Assessments and work out how to implement them in your organisation.

You should assess the situations where it will be necessary to conduct a DPIA and decide who will conduct it, who else needs to be involved and where the process will run from.

  11. Data Protection Officers

You should designate a Data Protection Officer, if required, or someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements.

  12. International

If your organisation operates internationally you should determine which data protection supervisory authority you come under.


This is an internationally recognised management system standard for information security management which describes the requirements of an information security management system based on established best practice.

It is sector agnostic, does not favour any one technology or solution and can be used by organisations of any size.

It sets out requirements for what must be done to secure information but provides scope for organisations to determine how they implement the requirements to meet their organisational objectives and risk “appetite”.


At the top level there are 7 main headings:






- Performance Evaluation


The approach to risk mirrors that of GDPR and overall the ISO 27001 standard offers a 75% solution to GDPR compliance, leaving companies and organisations with the 25% that remains.

Transaction Focus has arrangements in place to assist companies and organisations with GDPR proper and, through sole provider arrangements, for ISO 27001 with a proven internationally recognised supplier of standards that operates throughout the UK and the world.

©Transaction Focus is registered in England & Wales No.5241180
ICO Registration Reference No. ZA003579




The natural progressive biodiverse environment required for longevity

A “Natural Sustainable business growth” land is a far cry from “force feed” shareholder and VC driven culture.

More holistic, organic, less GM perhaps? Certainly more collaborative, symbiotic, mutually beneficial and interdependent.

A natural, lush expanse of grassland where many types of grasses, flora and fauna can co-thrive.

More communally and culturally diverse, non-judgemental, mutually inclusive… no enforced short term commercial goals that benefit few. More collaborative, co-operative “honesty” sessions that are naturally aligned with the carefully defined, long term corporate and product brand goals.

Less prejudice, mutually beneficial guidelines rather than controlling forces; less “fear of failure”, no establishment spraying pesticide or insecticide to protect or safeguard the food chain of any one species.

Cleverly disguised aggressive, self-interested greed and “benefit society” idleness are diligently and mercilessly weeded out. So much more commercially “fit” and ROI focused than the “force feed” model.

Ideally, a strong, visionary culture with a no-nonsense matriarch or patriarch who presides and empowers the trusted circle is needed. Traditional family or founder focused companies that have strong governance can continue growing for centuries. Cheap “sell outs” or “buy outs” that benefit the few need to be scythed or mown down. Even the greenest, purest and most holy and holistic (i.e. Body Shop and Innocent Drinks) have arguably sold their souls to the less virtuous MNE shareholder kingdom.

The spacious company garden needs to be alive, harmonious, adventurous, with fresh, fast flowing revenue streams and abundant with experimental net contributing vegetation from other lands or planets.

This model garden can also have quiet idyllic zen corners for mindful reflection or meditation, where tribe members can re-resource, find their inner peace or just relax and think.

Forever green and forever expansive and outreaching

Eco-systems that do not reach out for global or extra-terrestrial inspiration may not be prepared for an all consuming alien invading species. Fertile, ambitious, global companies can more readily spot, pre-empt and combat the alien challenge if they are operational in the alien’s native market and have meaningful overseas strategy partners.

Fast thriving communities may also embrace and mould AI and other technological elements in pursuit of continuous improvement.

After all, most inventions are copied or originally inspired or sourced from the plant or animal kingdom. Progress is a kind of virtuous, virtual evolutionary circle.

Green organisation focused group governance

Big decisions are frequently pre-scrutinised and soft tested by the inner and outer tribe.

Tribe members must be devoted, talented, resilient, restless, confident and outward-looking. Selection and promotion is rigorously scrutinised and overseen by the inner trusted circle: The Pack.

The Inner and Outer tribe take responsibility for grooming the younger generation to subscribe to the corporate mantra, so that their role functions progressively better. A fertile, fun, spontaneous spirit of closed loop continuous improvement is critical for embracing growth ambitions. Personal, bespoke physical and mental biologically attuned fitness programmes can help enable individual tribe members to realise their own natural ambitions. If they flourish, the tribe also flourishes.

Each member can in turn become autonomous and self-sufficient in order to survive longer alone in the wild and overcome obstacles, as an integral member of the tribe.

Lead hunters need to be naturally “super fit” in mind, body and spirit in order to provide abundantly for the tribe. Like athletes, they also need rest and “recharge” sessions.

Built up “so-called sophisticated” modern society management sometimes do not equip their sales “food” providers with the right tools and increasingly opt to reward them on a results or commission only basis, preferring to reserve the “fat cat” privileges for themselves and their financial beneficiaries. Such organisations frequently fail to generate natural sustainable growth and lack longevity as the best hunters are not rewarded sufficiently and migrate to new pastures.

Species that survive in the jungle do not carry passengers. Yes…a little too Malthusian and uncomfortable for many … Every member needs to be a progressive, positive net contributing force and may also be aligned or associated with other tribes in strange green pastures, so that new breeds of fertile ideas are spawned from afar.

Tribe elders need to co-exist, compromise and trade as harmoniously as possible with neighbouring or competing tribe leaders. All tribe members have to follow suit and back awkward decisions that need to be taken quickly by the matriarch or patriarch.

Personal Enlightenment

The company as a whole is stronger if tribe members fulfil their global, holistic life dreams. “Google style one day off a week” for personal career projects reinvigorates the mind and soul and generates renewed team energy.

Flexible, re-resourcing, refreshing vacation time reaps rewards. Themed “on project” team day outs invariably foster fertile creativity and symbiotic teamwork.

Why not incentivise the best performing sales persons with fitness and “recharge” sessions on natural islands with 1200 herbs and fragrances? Like athletes, they also need to sharpen the senses and be pampered. Fit, sensual sales and marketing persons are more in tune with their customer needs and deliver more consistently.

Exotic, aromatic, dynamic flora and fauna types need to flourish in their own natural way and need to have room to express themselves. Wild, wondrous, eccentric ideas should always be celebrated. Earthling young now aspire and expect this.

They need to be encouraged to travel like our busy bee Victorian ancestors who came home with creative ideas and populated British landscapes such as Kew, Trentham Gardens and Westonbirt Arboretum with foreign species.

Young bees still need natural light touch guidance from other tribe members. As a general rule, elite performers, like elite athletes, know what they need and where to find the sharpest tools and inspiration.

NSGG Sum up

Once the optimal, natural company eco-system is aligned with the company’s DNA and “raison d’etre” and the natural growth parameters are in place, profitable, sustainable revenue growth can take place rapidly and more vigorously.

Meticulous planning and preparation is always needed. Seasonal planting and harvesting patterns and crop rotation need to be optimised. “Farmer” and “hunter” types need to be financially proficient and rely less on conservative “FD” types with minimal “in the ground” exposure.

Radical re-landscaping is sometimes required.

Ambitious mind set, return on investment focus and pre-set success metrics always need to be tracked, and visionary brand integrity should never be compromised.

Author: Charles Smee, Founder and CEO of Transaction Focus and “Natural Sustainable Business Growth” specialist

Should every business person in Europe be keen to stay in Europe?


Dr. Rebecca Harding’s statistics highlight the benefits of increasing business with Europe.

Business needs Europe

• “I’d rather have 1% growth in a market worth £33bn than 10% growth in a market worth £5bn”
• Trade and the prevention of war are the basis of the European Union
• Trade with Europe is worth £301bn to the UK economy
• The value of the Euro is closely correlated with its trade and its trade with the UK
• The value of the Dax and the FTSE is closely correlated with European trade and trade with the UK
• Skills are highly correlated with high-end trade