How build a GDPR-compliant conference or event

How build a GDPR-compliant conference or event

Ioan Popovici

Ioan Popovici
Chief Software Engineer

I am starting a series of articles in which I will try to cover my experience in managing privacy and GDPR compliance for several IT related conference events that we handle here at Avaelgo. During this journey, I will also touch some in-depth security aspects, so stay tuned for that.

As I am sure you know already, a conference is a place where people gather, get informed, do networking (business or personal), have fun, and who knows what other stuff they may be doing. The critical aspect here is that for such a conference to be successful, you need to have a fair amount of people being part of it. Moreover, since people are persons, well, that also means a fair amount of personal data.

There’s a lot to cover, but we will start with the basics. If this is the first time you are organizing such a conference, then you already have a head start: you do not have to change anything. If not, then you must begin by reviewing the processes that you already have in place.

In this first article, I am going to cover what are the key points that you should review. Let’s go:

1. How do people get to know about your event?

It is essential to know how exactly you are going to market your event. The marketing step is crucial, and itself must be compliant with the regulation. This is a slightly separate topic, but it cannot be overlooked.
It does not matter that you will market yourself to participants, speakers, or companies. Personal data is still going to be involved.

2. How are people going to register for your event?

That is, how are you going to collect data regarding the participants? Is there going be a website that allows registration? Do you include phone registration? There are still more questions to answer, but you have an idea about the baseline. These decisions will have a later impact on the security measures you need to take to secure those channels

3. How are speakers going to onboard your event?

Same situation as above, but it may be that there is a different set of tools for a different workflow.

4. How are you going to verify the identity of the participants?

Is someone going to be manually verifying attendance and compare ID card names with a list? Is there going to be a tool? Is there a backup plan?

5. Do you handle housing, traveling for speakers or participants?

If yes, you will probably need to transfer some data to some hotels, airlines, taxies, etc.

6. Do you have sponsors? Do they require some privilege regarding the data of the participants?

This aspect is a big one, as I am sure you know, some or all of the entities that collaborate on your conference will require some perks back from your event. It may be that they are interested in recruitment, marketing, or some other kind of activities on the personal data of your participants. Trade carefully, everything must be transparent.

7. Will you get external help?

Companies/volunteers/software tools and services that will help you with different aspects of organizing the event? What are they going to do for you? If they touch personal data, it is probably good to know before you give it away to them.

8. Are there going to be promotions and contests?

Usually, these are treated separately, and onboarding to this kind of activities will be handled independently, but still, it is a good idea to know beforehand if you intend to do this.
As you can already imagine, this is not all, but we will anyway cover each topic from here in future articles, and then, probably, extend to some more.

All of this may look scary, and it might seem to involve a lot of work, but that isn’t the case. In the end, by trying to tackle personal privacy beforehand, you also get, as a happy byproduct, a cool fingerprint of what you need to do to have a successful event. Cheers to that!

A future article will come soon, covering the next steps. I am sure you can already guess what those are. See you soon!

Before you go

If you want to find out more about GDPR, how it affects your events, company etc. you can register to our free webinars in Timisoara and Cluj-Napoca.

About the author

Ioan Popovici

Ioan Popovici, the Chief Software Engineer of Avaelgo, Microsoft Certified Professional, Certified Information Privacy Professional / Europe, is specialized on Microsoft technologies and patterns and practices with such technologies, acting as the architect on most of Avaelgo’s solutions. He has delivered many trainings to software companies in Romania.
Digital Transformation. How to transform the company?

Digital Transformation. How to transform the company?

Cristian Barsan
Business Developement Manager, Digital Transformation Evangelist @ Avaelgo

1. The culture, the attitude

When it comes to Digital Transformation we all think about new cloud and mobile technologies, disruptive business models and innovative processes. First of all we have to admit that people’s attitude towards transformation of their company is the key for starting such a process.

Business owners are the ones who have the role of creating a culture of transformation. And a transformation is possible only with open eyes and proactive attitude about trying new things. “Fail fast, learn quickly and move forward” may be the mantra for many changes. It’s obvious that you will not risk everything. But what to risk and what to start with?

2. Top-Down vision

It must start from the top – the executive – and filter down and across to all areas of an organization. In the same idea digital transformation represents a mindset change that must fully align the business around the customer.

3. Start the plan with an accurate baseline – button-up process

The challenge is to identify core business systems and processes that continue to provide value and you will not change; and secondly identify which ones stopes business agility because of complex customizations, outdated capabilities and high maintenance costs.

Audit business processes, infrastructure and IT assets with an eye toward financial costs and value to the business. Then perform a gap analysis that looks at demands by the business for new services and the investments needed to meet those needs and support the business strategy.

Integrate the core line-of-business systems and new business initiatives with mobile, cloud, social and data analytics applications.

4. Focus on quick wins

The most important thing is to demonstrate the business value of new investments. Here is the challenge, to rapidly identify meaningful results and prove the correct direction. In this way the CIOs and/or project owner will quickly win the support of top management and budget for the next steps in digital transformation process.

So, start with well-defined projects that promise quick wins and demonstrable results.

5. Hunt for new talent

The new company processes will require new skill sets, including an entrepreneurial outlook that embraces cloud and agile IT systems. Involve HR in your new digital transformation strategy for fueling the business with right candidates now and for the future. Search for new talents, search for new skills.

6. Choose the right partner

Start and execute your digital transformation with an IT/technology partner with proven results, a partner who can be your trusted advisor both short and long term. They should have different capabilities, from strong business processes understanding, to IT infrastructure, technological support and training services for your employees.

In the end do not forget, digital transformation is about people’s courage to change and try new things, about the company’s culture and right mindset.

About the author

Cristian Barsan

Cristian Barsan Cristian has more than 12 years experience in selling business solutions in the IT and B2B environment in Romania. Previously Business Development Manager at Microsoft Romania, Cristian is now Digital Transform Evangelist at Avaelgo. His main responsibilities are the generation of new projects and the development and consolidation of customer relationships, as well as current partners and potential partners relationships.

Lift and Shift to the Cloud

Lift and Shift to the Cloud

Mihai Tataran
General Manager & Partner | Azure MVP

Note: This is a continuation of a previous article regarding migration to the Cloud you can find here.

So you are a bit more convinced that the Cloud might be a solution to you. Do you have a plethora of solutions running on premises, or maybe just one simple server with an ERP on it?

How do you proceed?
How do you make sure your migration is a success?

Lift and Shift 101

The term “Lift and Shift”, used by a lot of managed services companies, us included, is used to describe the process of taking your local infrastructure and moving it “as it is” to the Cloud, in an Infrastructure as a Service hosting type.

This is, as opposed to migrating the solution to Platform as a Service, which basically means taking advantage of the services the Cloud provider might offer, to reduce the complexity and management work of your infrastructure.

In a nutshell, here is a comparison between the two models:

Actual Lift and Shift

Even though this approach is much less risky than migrating to PaaS (which could mean re-architecting your solutions, and changing the code of your applications), it is still not quite a walk in the park. There are a few things to consider, and I list here just a few of them.

Modern or legacy solution?

Did we write/purchase the solution many years ago, when nobody was thinking about distributed systems? How about the ability of the solution to run in parallel on multiple servers, with a load balancer in front of them?

I won’t get too technical, but for legacy systems moving to the cloud might pose some problems. Recently, Microsoft Azure for example has done a great job in removing such risks, because even for such applications which weren’t designed for distributed workloads, we have the Load Balancers who can take care of this by enabling Session Stickiness or Client Affinity (both the LB from IaaS, which is a level 4 LB, and the LB from Web Apps which is a level 7 LB, can take care of this in at least a minimal way).


In theory, you take your local solution and move it to the cloud in a 1:1 manner. But it is not quite so in reality. Because you might want to change some parts of your solution in order to better benefit from the Cloud, for example:

  • Your local solution is monolithic. You have both the web server and database server on the same machine. When you go to the cloud, you might want to be able to scale those independently – meaning you want your web fronted isolated from the database to better use the resources.
  • On premises, you use something like a daemon, or a cronjob, or a Rabbit Queue, or a MSMQ. All of these have better correspondents in the cloud – meaning, services provided to us (without the operational burden on us) – and you might want to replace the local components with the services in the cloud.

So, this might affect your topology. If on premises the web server was “near” your database (calls on the same machine are an order of magnitude under 1 millisecond), the web server calling a database service in the cloud means TCP access (milliseconds per call). So, beware of such changes, think where your solution is very chatty and address those areas – sometimes with changes in code.


Because the cloud is not under our desk, the typical latency is somewhere around 40-50 milliseconds for a call to resources in the Cloud. If your users or some software clients of your backend in the Cloud need smaller latency, consider technologies like Azure Express Route, with smaller latency (under 10 ms) and guaranteed bandwidth.


A migration to ANY Cloud provider brings some degree of lock-in-ness. The moment you start moving away from using just Virtual Machines, the moment you incorporate services like SQL Azure Database, Table Storage, Cosmos DB, etc. – all great services, in your solution, that moment you become linked to that specific Cloud provider.

Moving your solution to another Cloud provider would mean replacing those specific services with their counterparts (if they exist, they usually do) from the new provider. And that means cost. So, choosing the Cloud provider is a very important decision, not only but also because of this aspect.

Hybrid loads

Even though the Cloud is great, there will always be scenarios for on premises workloads. Or even more: hybrid workloads – having parts of the solution in the Cloud, and parts of it on premises. For example you are a big enterprise and you have some customers’ front-facing applications, all of which use some backend / middle-tier components (web services), which in turn are linked to an ERP and some analytics databases. You might want to move the frontends in the Cloud so your users will experience a much better interaction (the cloud is auto-scalable), but you cannot move the backends, ERP, and some critical databases – which are used by a lot of internal systems as well. This situation is called hybrid, and it probably involves VPNs, Express Routes, or some infrastructure technologies like these.

A great technology from Microsoft is called Azure Stack. This is great specifically in hybrid scenarios because Azure Stack is using the exact same technology as Azure. Meaning: the same way to create and manage resources in Azure and on premises with Azure Stack. Which means less operational and management work: you have the exact model, the same technology, the same tools to monitor and operate your workloads, wherever they are.


Lift and Shift is usually the first approach towards the cloud we have seen with our customers. It involves less risk, it gives benefits immediately to our customers, it helps them learn how to work with the cloud, but still should be taken seriously.

About the author

Mihai Tataran

Mihai Tataran, is the General Manager of Avaelgo, and a Microsoft MVP on Microsoft Azure, Microsoft Azure Insider, and Microsoft Certified Professional. Mihai has been teaching Microsoft technologies courses to software companies in Romania and abroad, being invited by Microsoft Romania to deliver many such trainings for their customers.
Migrating To The Cloud: How To Start

Migrating To The Cloud: How To Start

Mihai Tataran
General Manager & Partner | Azure MVP

The Cloud is not just a buzzword. It is one of the most innovative technologies we are living, and it is part of a profound transformation trend together with things like Virtual Reality, Machine Learning, Artificial Intelligence, just to name a few.

I write this article because:

So I will describe the common fallacies we have encountered during the talks with potential customers, and how we mitigate them.

Fallacy 1: The Cloud is just another word for co-location or hosting

It might seem so if you just scratch the surface, but it is wrong. Here are just a few reasons why I consider the Cloud a huge paradigm shift:

  • Utility costs less even if it costs more or how to pay for what you use. One might compare the cost per unit of time of a Virtual Machine from a hosting provider, with the cost of a VM from a Cloud provider. And the VM in the Cloud might seem to have the same price. Yes, but in the Cloud, you do have great mechanisms which allow you to pay only when you use it, and not pay when you don’t. First, there is the commercial model which counts pricing per minute of usage, which no hosting provider does (at least not that I know of). Second, you have the tools (automation, etc.) which enable such Start/Stop actions very easily.
  • On-demand is better than prediction or how not to lose business. Forecasting the needed IT infrastructure for a solution is estimative. You either end up paying for more IT infrastructure than you need, or your infrastructure is not sufficient at the load peaks and you lose business. Just think about Black Friday, and consider that there are also “mini-black Fridays” every week for some businesses. What if your infrastructure could scale automatically based on some restrictions and configurations that you have done? For example: “if my number of web requests per second exceeds 1000, scale up with 1 machine, etc.” This is what the Cloud is about: elasticity.
  • Real-time computation or how to access tremendous amount of computing power instantly. Very often we see complex solutions which need huge computing resources for a limited amount of time. E.g.: salaries and benefits software, credit risk analysis, etc. The traditional approach is to invest in the IT infrastructure required to run such software even if it sits unused for 90% of the time. With the Cloud, you can activate/provision the required infrastructure within minutes, use it for as much as you like it, and then stop it. The Cloud offers this flexibility and speed for getting huge resources fast, and then dismissing them.
  • Become a data-driven company. Many enterprises sit on enormous amounts of data, which is not stored, categorized, and analyzed properly. Mostly because having Big Data analysis tools on premises is extremely expensive and hard to set up. You know exactly what I am talking about if you ever considered installing a Hadoop Cluster, or even manage a SQL Server Parallel Data Warehouse system. You require diverse skills (IT administrators, DevOps, Database admins, etc.) and it costs a lot. In the Cloud, you have such amazing technologies delivered as a service: first, you do not have the hassle of setting up the infrastructure, and second, you pay per use. You have hundreds of terabytes of data and you need to analyze it? You might want to try Azure HDInsight, or Azure Analysis Services – just to give some examples from Microsoft.

There could be other reasons, but I think they are enough to describe why the Cloud is such different.

Fallacy 2: It is hard to migrate to the Cloud

Yes, moving to the Cloud is not just a walk in the park. Especially if you consider moving the entire infrastructure or core solutions.

That is why we always recommend a step by step approach. While we try to give our customers a longer-term vision, we begin with a simple pilot project which brings immediate results. So, we do talk about cost savings in a 3-5 year period, but we start with a project which is cost effective in a few months, is sustainable from the budget perspective, and does not present enormous risks. Scenarios to start with can be many, but we have seen these most of the time:

  • Dev/Test: create Dev, Test, Staging etc. environments where the software development process becomes much more efficient and you see an immediate cost benefit.
  • Backup and Disaster Recovery: have backups of the most sensitive data in the Cloud, or even create a secondary site (active or not) in the Cloud, which could be turned on in case of a disaster in your primary infrastructure. I encourage you to read my article on Disaster Recovery.
  • Lift and shift: without benefiting from all the possible services in the Cloud, we take a workload from on premises and we move it to the Cloud as close to 1:1 as possible. This is a low risk, fast, sub optimal move to the Cloud.
  • Analytics on existing data: you already have data being collected from different sources, but for some reason (cost, complexity, etc.) you are not performing enough analytics on it.

After the successful project, you get a few benefits: there is an early win, your team gets some Cloud specific know-how, and you can further build on it.

Fallacy 3: The Cloud is not secure

Actually, one might be thinking about two different aspects: Data Privacy and Security.

Most of the relevant Cloud providers are doing a good job aligning to the data protection legislation in EU. Microsoft is the case I know best, and they have become a certification machine. A lot of technical details here. On top of this, Microsoft is the single Cloud provider who offers regions (groups of data-centers) located in EU and which are operated by local companies (more exactly in UK, Germany and France). (I only consider AWS and Google alongside Microsoft as real competitors in the Cloud today – I know I might upset some people, but IBM, Oracle and others are kind of niche players or very small compared to the other 3).

As per security, we must consider the fact that a Cloud provider is facing millions of attacks per day. They are facing them, and are learning from them as well. Think about it this way: any new type of attack is analyzed (using Machine Learning) and all customers of that Cloud providers benefit from these findings. As opposed to you staying on your island where you get no specific protection for sophisticated attacks. This is why the actual way to see things should be: “I need to go to the Cloud because of security”. More information about how Microsoft is acting on security here.


The Cloud is here, and you should think about using it because of the huge benefits it could bring. Yes, it is not an easy path migrating to the Cloud, but it has been done by many, there is a lot of expertise on how to do it, and you can take it step by step.

About the author

Mihai Tataran

Mihai Tătăran is the General Manager of Avaelgo, and a Microsoft MVP on Microsoft Azure, Microsoft Azure Insider, and Microsoft Certified Professional. Mihai has been teaching Microsoft technologies courses to software companies in Romania and abroad, being invited by Microsoft Romania to deliver many such trainings for their customers.

Creating a Culture of Business Continuity

Creating a Culture of Business Continuity

Diana Tataran
Marketing Professional

How often do disasters happen?
And how can they possibly affect my business?

How often do disasters happen? And how can they possibly affect my business?

Let’s start by defining “disaster” in terms of business.

Well, disaster is just about anything that disrupts your normal business operations.

From a cyber attack to adverse weather.
From fire to an unplanned IT outage.
From human error to transport network disruption.

Luckily, Business Continuity has moved beyond the basic recovery of technology and facilities and is focused on protecting the reputation and business value, whenever an organization is threatened by unexpected events.

Start planning for just about anything that may put your business operations at risk!

Backup fast, recover faster than before, and plan your business continuity!

Learn more about how you can protect your business and assure it’s continuity here.

About the author

Diana Tataran

Diana Tătăran is a marketing professional at Avaelgo. Previously, Diana worked as software developer for 7 years, and as project manager for 2 years. Between 2008 – 2011, Diana was recognized as a Microsoft Community Influencer for her contributions within the IT community.

The job of the IT Consultant / Advisor in the time of Digital Transformation

The job of the IT Consultant / Advisor in the time of Digital Transformation

Mihai Tataran
General Manager & Partner | Azure MVP

First of all I should begin with what I do: I manage a 40+ IT consulting, training and software development company, and I work as a trainer and consultant for customers in Romania and abroad, mostly on the Cloud technology. This article is based on what we do here in Avaelgo.

To set the context, I believe the change of the IT consultant’s job is influenced by at least 3 factors:

  • The IT world and it’s fast evolution
  • People in IT
  • The Customer

Today’s IT world is evolving very fast and is getting more complex. To quote Mr. Nadella (Microsoft CEO) „Our industry does not respect tradition – it only respects innovation.” We are living times with amazing developments in our industry, to name just a few: Cloud, Machine Learning, Artificial Intelligence, Virtual Reality and so on – all game changers, all paradigm shifters in the way we do business.

Another aspect is people: an estimate of Gartner says that by 2020 we will have 10 times more servers and 1.5 times more people in IT, which indicates that the current lack of qualified personnel will become deeper and more dramatic. While at a first glance this might seem as an insurmountable problem, actually this issue paves the way to innovation and automation at other levels, including the way we manage large software infrastructures.

And the third I mentioned: the Customer. Due to technological evolution (e.g. the internet) the Customer is much more informed about his needs than he/she was 10 years ago. A typical buyer journey has changed so dramatically, that by the time the Customer engages us as a potential supplier, they have already made up their mind in a percentage of more than 50%.

This means the salesman does not have the upper hand anymore, there is no information asymmetry, there is a much lesser chance to „influence” the Customer. This also brings a challenge: what if the Customer is poorly or wrongly informed?

The Journey of a Consultant

The consultant’s job is not a technical job only, it has never been, but the non-technical aspect is increasing more and more. What I propose here is to discuss in detail what a Consultant might do in the real world.

I marked with a different color what we typically believe is the job of a Consultant. Now I would like to explore the other aspects as well.

Value creation

All products and services start here. We sometimes assume what the Customer wants, but we need to better define how we will make it, how we will deliver it, and what will make us special so that the Customer will buy from us. One of the key elements in this stage would be to define the Differentiated Value Proposition. Here is a simple schema specifying how to do this:

value creation

Source: Gartner

Marketing Outbound vs Inbound

Because the Customer has changed, and he/she is much more informed than 10 years ago, and because no-one has the time and will to be interrupted with cold calls from desperate salespeople trying to sell something, we also need to approach marketing in a different way. It needs to change from Outbound, where we call out to whoever is at the end of the communication channel when we want, with activities like telesales, newsletters, user events, etc. To Inbound – try to attract Customers (when they want, on their own time and rules) by posting relevant content about their needs we can fulfill, with actions like blog posts, videos, slides, social media, conferences presentations, etc.

While both Value Creation and Marketing are mostly a marketing job, the Consultant can be of great help, because he/she knows best what the company is actually doing during the IT projects. So the tasks needed from the Consultant would be: write articles, produce short videos, make conference presentations – all about things he/she encounters during the real projects.


Many of us expect already that the Consultant would help during the sales phase, with activities like demos, technical presentations, proof of concepts, etc. What I value a lot in a Consultant is also the ability to sell: convince the customer our solution or approach responds better to the Customer’s problems.

Now, a huge problem a Consultant with a technical background trying to sell has sometimes (and I have done it a lot of times as well) is going to the Customer and talking about the product’s or service’s attributes. Things like: „the bandwidth is this or that, the delay is 40 milliseconds” – you get the picture. The Customer couldn’t care less about product features: yes, people in the Customer’s organization actually care about the delay between their premises and your datacenter, but that is at a lower level than the initial discussion, or in other words too much of a detail for the managers running the business you are trying to help. What they value are things like:

  • Time, reliability (peace of mind), ease, flexibility
  • Quality, status, aesthetics, emotional impact

A much better approach to the Customer would be to talk about Values, as opposed talking about product Attributes. Here is an example when talking about Cloud projects:


Another very interesting aspect relevant to sales, is the Consultant’s profile. Thanks to my friends from Consalta (a Cloud marketing and sales organization) I found out that there are 5 behavioural patterns of a person, and only one of them has clear advantage. They are:

  • Hard worker
  • Challenger
  • Relationship builder
  • Lone wolf
  • Reactive problem solver

If you think the relationship builder has the biggest chance to bring more sales, you are like me, and you are wrong. I also thought this in the beginning and found out the hard way that the relationship builder is great as an Account Manager (whose primary task is to keep the Customer happy), but not as a Consultant helping sales. The best would be the challenger:

sales challenger


Finally, the Consultant has to work, to do the actual project. This is nothing new to you, so I won’t explore this phase. We should always keep in mind, though, that we are not building a project (whatever that might be), but instead we are delivering a service to our customer. A very good description of what I am saying here can be found in Peter Leeson’s presentation at ITCamp 2017 called „Assembly of Japanese Bicycle Require Great Peace of Mind”


The project is done, long live the project!

Because of the technology advancements, partially described in the introduction, there is more and more need for companies to buy the IT projects we deliver in a recurrent model as opposed to a transactional model, which dominated the world since the apparition of server Operating Systems, ERP, enterprise scale Database Servers, etc.

Why? Because more of the whole IT is being purchased in a recurrent, subscription model. It is by far more attractive for the Customer to pay as they use (operational expenditure) than purchase in advance inside a multi-year contract (capital expenditure) which also means blocking the price at a certain level without benefiting from the price reduction the big IT vendors make every few months nowadays. There are business models through which a large enterprise can purchase Cloud with a monthly invoice, paying as they use, getting the new prices as the vendor reduces them, and not having to be locked into a contract for years.

Probably one of the most important ways to make sure a services company stays relevant in a recurrent model is to become a true Advisor. I define an Advisor through these attributes:

  • Acts as a trusted partner. Which means telling the Customer that „this” is not the best solution even if that means losing short term sales.
  • Play in their interest. For example, explain to them how they can reduce the total spending with IT: new services in the Cloud, new prices, etc.
  • Training. Enable the Customer to make the best out of the IT they purchased by periodical workshops/webinars/etc.

This model is pretty new, but it is catching, especially because even the Customer knows that the best IT resources for very specific needs are not in their organization, but outside in the companies which are specialized on those niches.


Our opinion here in Avaelgo is that the Consultant’s job, whom we might now call Advisor, is much more complex than it used to be. I cannot end this better but with the journey from nothing really to recurring business:

About the author

Mihai Tataran

Mihai Tătăran is the General Manager of Avaelgo, and a Microsoft MVP on Microsoft Azure, Microsoft Azure Insider, and Microsoft Certified Professional. Mihai has been teaching Microsoft technologies courses to software companies in Romania and abroad, being invited by Microsoft Romania to deliver many such trainings for their customers.

Pin It on Pinterest