Inadequate Breach Response Plans Mean Businesses Could Fail to Meet GDPR Notification Deadlines
London, UK: With 12 months until the EU’s General Data Protection Regulation (GDPR) comes into force, AllClear ID, the world leader in customer security, launches in Europe. The company, which has successfully handled over 5,000 data breaches, including the three largest customer breach response operations in history, plans to offer its 72-hour Reserved Response Programme to Europe in anticipation of GDPR’s breach notification requirements. AllClear ID provides the expertise, manpower and infrastructure to quickly notify and respond to customers after a data breach in order to reduce the risk of executive loss, customer loss and brand damage.
“Data breaches are one of the biggest threats facing businesses today. GDPR legislation demands a robust plan and the ability to notify millions of customers without undue delay. Businesses that suffer a GDPR breach will face fines of up to 4% of global revenue and a slow or botched customer response will attract the largest fines,” said Bo Holland, CEO of AllClear ID. “European businesses have never had to deal with large scale responses publicly, and few have the resources required to deploy a quality customer response operation. In an emergency, these organisations suddenly realise they have a bucket brigade when they really need a professional fire department.”
Data breaches are growing in magnitude. Over three million records are compromised daily, with 59% of breaches reportedly related to identity theft. This is expected to rise further, despite a Gartner survey forecasting an €80 billion spend on cyber security technology as businesses seek to fortify porous systems.
From the 25th of May 2018, regulators will have the power to levy punitive damages including a €20m fine or 4% of global turnover – whichever is greater – if the following requirements are not met:
- All breaches must be reported to regulators within 72 hours of the organisation becoming aware of it
- The regulator must also be informed of “effective, proportionate and dissuasive” measures taken/proposed to address the breach and/or mitigate its effects
- If the breach is sufficiently serious to warrant notification to affected customers, the organisation responsible must do so without undue delay
AllClear ID is planning to introduce its unique Reserved Response service that guarantees 72-hour deployment of the expertise, manpower and infrastructure required to respond to a GDPR data breach. Reserved Response has been operational in the U.S. since 2015 and remains the only service of its kind. In just two years, 75 of the largest consumer brands in the world have adopted Reserved Response to keep their customers safe. AllClear ID’s Reserved Response service will guarantee businesses:
- have a proven and pressure tested breach response plan in place so the regulator is informed of measures taken
- have an emergency breach response team with the experience and scale required to deal with mass customer notifications, inbound enquiries and identity repair cases
- have a secure, instant communications channel to their customers to minimise the impact of phishing attacks posing as the official breach notification
- reduce the risk of executive loss, customer loss and brand damage that arise from a poorly managed response
With its in-app eNotification capability, AllClear ID can communicate with millions of affected customers of breaches instantly and securely. This slashes notification time and eliminates postage costs that could run to €2.2m for 10m affected customers, according to a Ponemon Institute study.
Ultimately, how a company responds to a data breach determines the severity of the consequences more so than the breach itself. Companies with reserved manpower and infrastructure are tangibly more resilient to disruption from an attack. “Companies cannot guarantee that they will not have a GDPR breach, but they can mitigate the consequences by guaranteeing a swift, and high quality response that scales to meet customer demand,” concluded Holland.