Inadequate Breach Response Plans Mean Businesses Could Fail to Meet GDPR Notification Deadlines 

Deloitte LLP, with 20 years of successfully delivering large-scale customer outreach solutions, and AllClear ID, Inc., the world’s leading provider of customer breach notification and identity protection, today announce their collaboration to deliver data breach customer notification services to the customers of businesses under the GDPR regulations. The collaboration will offer Customer Breach Support (CBS) to businesses, the first and only managed service in Europe that establishes and guarantees 72-hour readiness and the large-scale deployment of customer response and notification operations in the event of a data breach.

With the General Data Protection Regulation (GDPR) deadline looming, the requirement for businesses to be prepared to notify, support and protect their customers before a data breach happens has been fully regulated. With CBS, businesses can provide regulators with comprehensive data breach customer notification plans and enact timely and full customer notification without ‘undue delay’ in-line with GDPR requirements.

Beginning May 25^th, 2018, GDPR requires businesses to quickly notify regulators and affected customers when personal information is exposed by a data breach. GDPR requires that:

• All significant breaches must be reported to regulators within 72-hours of the organisation becoming aware of the breach.
• The regulator must also be informed of measures to mitigate its possible adverse effects.
• If the breach is sufficiently serious and ‘poses a high risk’ to affected customers, the organisation responsible must also communicate the breach to the customer ‘without undue delay’.

Failure to meet these requirements risks fines of €20 million, or 4% of turnover. This failure also risks reputational damage, loss of executive staff, revenues and customers if the resulting response is inadequate. A data breach under GDPR, handled incorrectly, has the potential to destroy a business.

Any business with customers in the EU, or targeting individuals in the EU, needs a comprehensive breach response plan in place, encompassing customer notification and identity protection. A successful GDPR-compliant plan relies on speed of notification and quality of response.

The Customer Breach Support service has two core components:

1. Reserved Response Support: an ongoing managed service to provide the capacity to meet a client’s customer notification requirements to a data breach under GDPR. It includes a full readiness programme with playbooks and exercises to prepare for a large-scale breach response.
2. Live Customer Support: a specialist, scalable team to coordinate and deliver dedicated support and protection to a client’s customers following a data breach. It encompasses full notification services, customer support, identity protection and identity repair.

Dominic Cockram, Partner at Deloitte, said: “No business can consider themselves safe from a breach. Businesses must ensure they can respond proactively and head off the potentially damaging consequences of not complying with GDPR regulations by guaranteeing a swift, and high-quality notification response that scales to meet customer demand. The protection of customers whose personal data has been compromised is critical and must be the key focus of any response – notification, support and protection must be fast, effective and professional. To achieve this you must be ready and have the guaranteed capacity in place.”

“AllClear ID’s demonstrable experience in data breach response made it the perfect collaborator to support our delivery of data breach response services in Europe.”

Bo Holland, CEO at AllClear ID, said: “A poor customer response after a data breach can have tragic consequences, and GDPR increases the response risk dramatically. Many people think it is impossible to launch a large-scale customer response in 72-hours, but we’ve proven the opposite with 80 of the largest brands in the USA. Today, we are pleased to announce this new GDPR service with Deloitte.”

The collaboration combines Deloitte’s 20 years’ experience running managed services for its clients, successfully delivering large-scale customer outreach solutions, with AllClear ID’s 12 years of experience managing over 5,000 data breach responses. AllClear ID has handled the customer notification of three of the four largest data breach responses in history and already provides a 72-hour response guarantee in the USA. Together the collaboration provides the expertise, manpower and infrastructure to quickly notify and respond to customers after a data breach.

The GDPR customer breach notification service is available immediately in the UK, with plans to roll out services in French, Italian, German and Spanish and then globally.

If you would like to know more about the collaboration and Customer Breach Support service please visit the following website for more information: https://www2.deloitte.com/uk/en/pages/risk/solutions/customer-breach-support.html