Skip to Content

Consumer goods firms unprepared for new data regulation, risking over $320 billion in fines

12 Jul 2016

Paris – A report by Capgemini Consulting’s Digital Transformation Institute, the global strategy and transformation consulting organisation of the Capgemini Group, reveals that many consumer products organisations are taking risks with the security and privacy of their customer data. They are failing to put in place proper processes and safeguards in the rush to harvest as much information as possible and realise the rewards promised by deep, real-time consumer insights. The report reveals almost half of consumer products companies do not have a clear policy on customer data security and privacy and that 90% have experienced customer data breaches.

The forthcoming General Data Protection Regulation (GDPR) is designed to govern data security and privacy in all sectors, and enforces strict penalties for breaches, applying fines up to four percent of a company’s global annual turnover or €20 million, whichever is greater. Though the legislation has been created by the European Union, it is expected to have global impact, as the law applies to any company that holds data within Europe. The report calculates the consumer products companies currently failing to comply would be at risk of a cumulative $323 billion in financial penalties, if the GDPR were in effect today and if the highest fines were applied.

Consumer Insights: Finding and Guarding the Treasure Trove”, a survey of 300 executives at 86 large global consumer products firms with combined revenue of over $756 billion, reveals an industry caught between the efforts to drive increased value through consumer data analysis, and customer concerns about privacy and security.

In recent years, empowered by technological advances and a shift towards online shopping, consumer products firms have undertaken significant initiatives to collect customer data. Such initiatives aim to gain a deeper understanding of customers’ behaviour and purchasing patterns. The benefits for organisations succeeding are significant, with data-driven consumer insights capable of driving substantial improvements to services, products and brands. Over 80% of executives of large consumer products organisations state that using insights in this way is a key priority.

However, despite the importance of consumer insights, there is widespread failure to protect the customer data. The report finds that 46% of firms have been unable to frame clear, non-negotiable policies on customer data security and privacy, while over 90% of companies have experienced customer data security breaches.

Kees Jacobs, Consumer Goods & Retail Lead, Insights & Data Global Practice, Capgemini said: “While the official date for implementation is 2018, the impact of the General Data Protection Regulation is coming much more quickly than people seem to realise, and the consumer products industry appears not yet to be prepared. Finding the balance between sensitively handling consumer data, ensuring that information is secure, and using consumer insights to deliver a better experience is extremely challenging. Consumer trust is at stake, and in many instances it’s clear that the risks have either been overlooked or ignored. This is an issue organisations have to tackle quickly if they are to avoid not only reputational damage but serious sanctions.”

Consumers around the world are becoming increasingly concerned about how their data is used and protected. Over 91% of consumers in a recent survey agreed that they have lost control of how their personal information is being collected and used by large organisations . Nearly two-thirds of consumers say it is very important for them to control what information is collected about them. For many consumer products organisations, however, customer data remains an asset to be utilised. The report found that only 51% of consumer product firms provide people with the option to control the data they have collected about them, and only 57% empower consumers to access or view the data collected from them.

‎The Capgemini report calculates that with the current preparedness of organisations, the global consumer products industry risks sanctions with magnitudes of over 3.5% of its $9 trillion value by failing to comply with the GDPR, while European companies alone are facing fines of $151 billion.

In order to face these challenges Capgemini recommends a number of key steps:

  1. Build the right governance structure and operating model
  2. Build key capabilities with the right staff
  3. Establish a Chief Privacy Officer
  4. Take a step-by-step approach to develop an insight-driven business.

Furthermore companies are urged to adopt the global, industry-wide ‘Consumer Engagement Principles’, as launched by The Consumer Goods Forum.

For more information log onto ***

For “Consumer Insights: Finding and Guarding the Treasure Trove” Capgemini conducted a global survey of 300 managerial executives across 86 companies, with collective revenues of over $756 billion, in the consumer goods industry for this research. The 300 survey respondents were broadly classified amongst two categories – “Producers” of consumer insights and “Consumers” of consumer insights – in accordance to the nature of their interaction with research insights derived from consumers. In addition to the survey, Capgemini Consulting’s Digital Transformation Institute also conducted individual focus interviews with senior executives from a selection of leading consumer product companies.

The Digital Transformation Institute is Capgemini Consulting’s in-house think-tank on all things digital. The Institute publishes research on the impact of digital technologies on large traditional businesses. The team draws on the worldwide network of Capgemini experts and works closely with academic and technology partners. The Institute has dedicated research centres in the United Kingdom and India.

Capgemini’s Insights & Data Global Practice has over 10,000 professionals and supports enterprises on their journey to an insight-driven business by leveraging the new data landscape to create insights at the point of action.

– ENDS – 

1 – Figure calculated by taking the total revenues of surveyed companies who had experienced a data breach ($756.3 billion) and the maximum applicable penalty based on GDPR regulation (either 4% of global annual revenues or €20 million, whichever is greater), resulting in $26 billion in fines, before extrapolating to the global consumer products industry worth an estimated $9,044 billion, resulting in an impacted revenue of $ 323 billion globally. NB. Many mitigation factors will also be taken into account.

2 – Pew Research Centre, “The state of privacy in America: What we learned”, January 2016

About Capgemini Consulting

Capgemini Consulting is the global strategy and transformation consulting organisation of the Capgemini Group, specialising in advising and supporting enterprises in significant transformation, from innovative strategy to execution and with an unstinting focus on results. With the new digital economy creating significant disruptions and opportunities, the global team of over 3,000 talented individuals work with leading companies and governments to master Digital Transformation, drawing on their understanding of the digital economy and leadership in business transformation and organisational change. Find out more at:

About Capgemini

With more than 180,000 people in over 40 countries, Capgemini is a global leader in consulting, technology and outsourcing services. The Group reported 2015 global revenues of EUR 11.9 billion. Together with its clients, Capgemini creates and delivers business, technology and digital solutions that fit their needs, enabling them to achieve innovation and competitiveness. A deeply multicultural organisation, Capgemini has developed its own way of working, the Collaborative Business ExperienceTM, and draws on Rightshore®, its worldwide delivery model. Learn more about us at

Rightshore® is a trademark belonging to Capgemini