If you thought a theft of customer data was a marketing nightmare before the new General Data Protection Regulation (GDPR), it’s time to wake up.
Under GDPR, companies handling the personal data of EU citizens must identify the breach, find out which individuals have been impacted and notify them, all within a 72-hour period.
But those three days probably seem like a luxurious vacation to banks in India, according to Ted Bardusch, chief information security officer of customer engagement hub Usermind.
Two years ago, the Reserve Bank of India decreed that any bank suffering a security breach must report it in no more than six hours.
Whatever the actual number of hours in your jurisdiction, the trend is clear. The length of time that companies have to publicly respond to a security breach is getting shorter and shorter.
Aside from better security measures, Bardusch suggests that brands should now extend customer journeys past their end zone of a loyalty or brand advocate stage and into a set of steps to handle customer interactions during a security breach. Obviously, the more planning a brand does beforehand, the faster it can respond.