Consumer goods firms unprepared for GDPR risk fines of $320 billion

A report by Capgemini Consulting’s Digital Transformation Institute has revealed that many consumer products organizations are taking risks with the security and privacy of their customer data.

They are failing to put in place proper processes and safeguards in the rush to harvest as much information as possible and realize the rewards promised by deep, real-time consumer insights. The report reveals almost half of consumer products companies do not have a clear policy on customer data security and privacy and that 90 percent have experienced customer data breaches.

The forthcoming General Data Protection Regulation  or GDPR, is designed to govern data security and privacy in all sectors, and enforces strict penalties for breaches, applying fines up to four percent of a company’s global annual turnover or €20 million, whichever is greater. Though the legislation has been created by the European Union, it is expected to have global impact, as the law applies to any company that holds data within Europe. The report calculates the consumer products companies currently failing to comply would be at risk of a cumulative $323 billion in financial penalties, if the GDPR were in effect today and if the highest fines were applied.



Consumer Insights: Finding and Guarding the Treasure Trove”, a survey of 300 executives at 86 large global consumer products firms with combined revenue of over $756 billion, reveals an industry caught between the efforts to drive increased value through consumer data analysis, and customer concerns about privacy and security.

Consumer Shift

In recent years, empowered by technological advances and a shift towards online shopping, consumer products firms have undertaken significant initiatives to collect customer data. Such initiatives aim to gain a deeper understanding of customers’ behavior and purchasing patterns. The benefits for organizations succeeding are significant, with data-driven consumer insights capable of driving substantial improvements to services, products and brands. Over 80 percent of executives of large consumer products organizations state that using insights in this way is a key priority.

However, despite the importance of consumer insights, there is widespread failure to protect the customer data. The report finds that 46 percent of firms have been unable to frame clear, non-negotiable policies on customer data security and privacy, while over 90 percent of companies have experienced customer data security breaches.

Kees Jacobs, Consumer Goods & Retail Lead, Insights & Data Global Practice, Capgemini said: “While the official date for implementation is 2018, the impact of the General Data Protection Regulation is coming much more quickly than people seem to realize, and the consumer products industry appears not yet to be prepared. Finding the balance between sensitively handling consumer data, ensuring that information is secure, and using consumer insights to deliver a better experience is extremely challenging. Consumer trust is at stake, and in many instances it’s clear that the risks have either been overlooked or ignored. This is an issue organizations have to tackle quickly if they are to avoid not only reputational damage but serious sanctions.”

Consumers around the world are becoming increasingly concerned about how their data is used and protected. Over 91 percent of consumers in a recent survey agreed that they have lost control of how their personal information is being collected and used by large organizations . Nearly two-thirds of consumers say it is very important for them to control what information is collected about them. For many consumer products organizations, however, customer data remains an asset to be utilized. The report found that only 51 percent of consumer product firms provide people with the option to control the data they have collected about them, and only 57 percent empower consumers to access or view the data collected from them.


Stan Sthanunathan, Executive Vice President – Consumer & Market Insights at Unilever: “What’s clear in this report is that consumer insights capabilities are becoming increasingly important engines within consumer products companies. But with this comes responsibility. Collecting and using customer data at scale demands a new kind of organization, approach and leadership. With GDPR just around the corner, companies need to make sure they are ready.”

‎The Capgemini report calculates that with the current preparedness of organizations, the global consumer products industry risks sanctions with magnitudes of over 3.5 percent of its $9 trillion value by failing to comply with the GDPR, while European companies alone are facing fines of $151 billion.

In order to face these challenges Capgemini recommends a number of key steps:

 Build the right governance structure and operating model

 Build key capabilities with the right staff

 Establish a Chief Privacy Officer

● Take a step-by-step approach to develop an insight-driven business.

● Furthermore companies are urged to adopt the global, industry-wide ‘Consumer Engagement Principles’, as launched by The Consumer Goods Forum.

View the full report.