Skip to Content

Consumer goods firms unprepared for new data regulation, risking over $320 billion in fines

12 Jul 2016

Paris – A report by Capgemini Consulting’s Digital Transformation Institute, the global strategy and transformation consulting organization of the Capgemini Group, reveals that many consumer products organizations are taking risks with the security and privacy of their customer data. They are failing to put in place proper processes and safeguards in the rush to harvest as much information as possible and realize the rewards promised by deep, real-time consumer insights. The report reveals almost half of consumer products companies do not have a clear policy on customer data security and privacy and that 90 percent have experienced customer data breaches.

The forthcoming General Data Protection Regulation (GDPR) is designed to govern data security and privacy in all sectors, and enforces strict penalties for breaches, applying fines up to four percent of a company’s global annual turnover or €20 million, whichever is greater. Though the legislation has been created by the European Union, it is expected to have global impact, as the law applies to any company that holds data within Europe. The report calculates the consumer products companies currently failing to comply would be at risk of a cumulative $323 billion in financial penalties, if the GDPR were in effect today and if the highest fines were applied.

Consumer Insights: Finding and Guarding the Treasure Trove”, a survey of 300 executives at 86 large global consumer products firms with combined revenue of over $756 billion, reveals an industry caught between the efforts to drive increased value through consumer data analysis, and customer concerns about privacy and security.

In recent years, empowered by technological advances and a shift towards online shopping, consumer products firms have undertaken significant initiatives to collect customer data. Such initiatives aim to gain a deeper understanding of customers’ behavior and purchasing patterns. The benefits for organizations succeeding are significant, with data-driven consumer insights capable of driving substantial improvements to services, products and brands. Over 80 percent of executives of large consumer products organizations state that using insights in this way is a key priority.

However, despite the importance of consumer insights, there is widespread failure to protect the customer data. The report finds that 46 percent of firms have been unable to frame clear, non-negotiable policies on customer data security and privacy, while over 90 percent of companies have experienced customer data security breaches.

Kees Jacobs, Consumer Goods & Retail Lead, Insights & Data Global Practice, Capgemini said: “While the official date for implementation is 2018, the impact of the General Data Protection Regulation is coming much more quickly than people seem to realize, and the consumer products industry appears not yet to be prepared. Finding the balance between sensitively handling consumer data, ensuring that information is secure, and using consumer insights to deliver a better experience is extremely challenging. Consumer trust is at stake, and in many instances it’s clear that the risks have either been overlooked or ignored. This is an issue organizations have to tackle quickly if they are to avoid not only reputational damage but serious sanctions.”

Consumers around the world are becoming increasingly concerned about how their data is used and protected. Over 91 percent of consumers in a recent survey agreed that they have lost control of how their personal information is being collected and used by large organizations . Nearly two-thirds of consumers say it is very important for them to control what information is collected about them. For many consumer products organizations, however, customer data remains an asset to be utilized. The report found that only 51 percent of consumer product firms provide people with the option to control the data they have collected about them, and only 57 percent empower consumers to access or view the data collected from them.

Stan Sthanunathan, Executive Vice President – Consumer & Market Insights at Unilever: “What’s clear in this report is that consumer insights capabilities are becoming increasingly important engines within consumer products companies. But with this comes responsibility. Collecting and using customer data at scale demands a new kind of organization, approach and leadership. With GDPR just around the corner, companies need to make sure they are ready.

‎The Capgemini report calculates that with the current preparedness of organizations, the global consumer products industry risks sanctions with magnitudes of over 3.5 percent of its $9 trillion value by failing to comply with the GDPR, while European companies alone are facing fines of $151 billion.

In order to face these challenges Capgemini recommends a number of key steps:

  1. Build the right governance structure and operating model
  2. Build key capabilities with the right staff
  3. Establish a Chief Privacy Officer
  4. Take a step-by-step approach to develop an insight-driven business.

Furthermore companies are urged to adopt the global, industry-wide ‘Consumer Engagement Principles’, as launched by The Consumer Goods Forum.

For more information log onto ***

For “Consumer Insights: Finding and Guarding the Treasure Trove” Capgemini conducted a global survey of 300 managerial executives across 86 companies, with collective revenues of over $756 billion, in the consumer goods industry for this research. The 300 survey respondents were broadly classified amongst two categories – “Producers” of consumer insights and “Consumers” of consumer insights – in accordance to the nature of their interaction with research insights derived from consumers. In addition to the survey, Capgemini Consulting’s Digital Transformation Institute also conducted individual focus interviews with senior executives from a selection of leading consumer product companies.

The Digital Transformation Institute is Capgemini Consulting’s in-house think-tank on all things digital. The Institute publishes research on the impact of digital technologies on large traditional businesses. The team draws on the worldwide network of Capgemini experts and works closely with academic and technology partners. The Institute has dedicated research centers in the United Kingdom and India.

Capgemini’s Insights & Data Global Practice has over 10,000 professionals and supports enterprises on their journey to an insight-driven business by leveraging the new data landscape to create insights at the point of action.

1 – Figure calculated by taking the total revenues of surveyed companies who had experienced a data breach ($756.3 billion) and the maximum applicable penalty based on GDPR regulation (either 4percent of global annual revenues or €20 million, whichever is greater), resulting in $26 billion in fines, before extrapolating to the global consumer products industry worth an estimated $9,044 billion, resulting in an impacted revenue of $ 323 billion globally. NB. Many mitigation factors will also be taken into account.

2 – Pew Research Center, “The state of privacy in America: What we learned”, January 2016