Inadequate Breach Response Plans Mean Businesses Could Fail to Meet GDPR Notification Deadlines
With the General Data Protection Regulation (GDPR) deadline looming, the requirement for businesses to be prepared to notify, support and protect their customers before a data breach happens has been fully regulated. With the Customer Breach Support (CBS) service, businesses can provide regulators with comprehensive data breach customer notification plans and enact timely and full customer notification without ‘undue delay’ in line with GDPR requirements.
Beginning May 25th, 2018, GDPR requires businesses to quickly notify regulators and affected customers when personal information is exposed by a data breach. GDPR requires that:
- All significant breaches must be reported to regulators within 72 hours of the organisation becoming aware of the breach.
- The regulator must also be informed of measures to mitigate its possible adverse effects.
- If the breach is sufficiently serious and ‘poses a high risk’ to affected customers, the organisation responsible must also communicate the breach to the customer ‘without undue delay’.
Failure to meet these requirements risks fines of €20 million, or 4% of turnover. This failure also risks reputational damage, loss of executive staff, revenues and customers if the resulting response is inadequate. A data breach under GDPR, handled incorrectly, has the potential to destroy a business.
Any business with customers in the EU, or targeting individuals in the EU, needs a comprehensive breach response plan in place, encompassing customer notification and identity protection. A successful GDPR-compliant plan relies on speed of notification and quality of response.
The Customer Breach Support service has two core components:
- Reserved Response Support: an ongoing managed service to provide the capacity to meet a client’s customer notification requirements following a data breach under GDPR. It includes a full readiness programme with playbooks and exercises to prepare for a large-scale breach response.
- Live Customer Support: a specialist, scalable team to coordinate and deliver dedicated support and protection to a client’s customers following a data breach. It encompasses full notification services, customer support, identity protection and identity repair.
Dominic Cockram, Partner at Deloitte, said: “No business can consider themselves safe from a breach. Businesses must ensure they can respond proactively and head off the potentially damaging consequences of not complying with GDPR regulations by guaranteeing a swift, and high-quality notification response that scales to meet customer demand. The protection of customers whose personal data has been compromised is critical and must be the key focus of any response – notification, support and protection must be fast, effective and professional. To achieve this you must be ready and have the guaranteed capacity in place.”
“AllClear ID’s demonstrable experience in data breach response made it the perfect collaborator to support our delivery of data breach response services in Europe.”
Bo Holland, CEO at AllClear ID, said: “A poor customer response after a data breach can have tragic consequences, and GDPR increases the response risk dramatically. Many people think it is impossible to launch a large-scale customer response in 72 hours, but we’ve proven the opposite with 80 of the largest brands in the USA. Today, we are pleased to announce this new GDPR service with Deloitte.”
The collaboration combines Deloitte’s 20 years’ experience running managed services for its clients, successfully delivering large-scale customer outreach solutions, with AllClear ID’s 12 years of experience managing over 5,000 data breach responses. AllClear ID has handled the customer notification of three of the four largest data breach responses in history and already provides a 72-hour response guarantee in the USA. Together the collaboration provides the expertise, manpower and infrastructure to quickly notify and respond to customers after a data breach.
The GDPR customer breach notification service is available immediately in the UK, with plans to roll out services in French, Italian, German and Spanish and then globally.
If you would like to know more about the collaboration and Customer Breach Support service please visit the following website for more information: https://www2.deloitte.com/uk/en/pages/risk/solutions/customer-breach-support.html
About AllClear ID
Founded in 2004, AllClear ID is the world leader in Customer Security, providing customer notification advisory and response services to businesses that aim to protect their greatest asset: customers.
As a trusted partner with more than 10 years of specialized experience in data breach response, AllClear ID has helped thousands of businesses prepare for, respond to, and recover from data breaches, including successfully managing the three largest and most complex customer notification responses in history. The award-winning AllClear ID team is recognized for its expertise, customer service, and guaranteed deployment of large-scale response operations in as little as 72 hours.
For more information see: https://www.allclearid.com/
In this press release references to Deloitte are references to Deloitte LLP, which is among the country’s leading professional services firms.
Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private company limited by guarantee, whose member firms are legally separate and independent entities. Please see www.deloitte.co.uk/about for a detailed description of the legal structure of DTTL and its member firms.
The information contained in this press release is correct at the time of going to press.
For more information, please visit www.deloitte.co.uk.
Member of Deloitte Touche Tohmatsu Limited