GDPR could create $320 billion in fines

Unsurprisingly, many consumer products organisations are taking risks with the security and privacy of their customer data. They are failing to put in place proper processes and safeguards in the rush to harvest as much information as possible and realise the rewards promised by deep, real-time consumer insights.

GDPR fines

A Capgemini Consulting’s Digital Transformation Institute survey of 300 executives at 86 large global consumer products firms with combined revenue of over $756 billion, reveals an industry caught between the efforts to drive increased value through consumer data analysis, and customer concerns about privacy and security.

Half of consumer products companies do not have a clear policy on customer data security and privacy and that 90 percent have experienced customer data breaches.

Collecting huge troves of customer data

In recent years, empowered by technological advances and a shift towards online shopping, consumer products firms have undertaken significant initiatives to collect customer data. Such initiatives aim to gain a deeper understanding of customers’ behaviour and purchasing patterns.

The benefits for organisations succeeding are significant, with data-driven consumer insights capable of driving substantial improvements to services, products and brands. Over 80 percent of executives of large consumer products organisations state that using insights in this way is a key priority.

However, despite the importance of consumer insights, there is widespread failure to protect the customer data. The report finds that 46 percent of firms have been unable to frame clear, non-negotiable policies on customer data security and privacy, while over 90 percent of companies have experienced customer data security breaches.


“While the official date for implementation is 2018, the impact of the General Data Protection Regulation is coming much more quickly than people seem to realise, and the consumer products industry appears not yet to be prepared. Finding the balance between sensitively handling consumer data, ensuring that information is secure, and using consumer insights to deliver a better experience is extremely challenging.

Consumer trust is at stake, and in many instances it’s clear that the risks have either been overlooked or ignored. This is an issue organisations have to tackle quickly if they are to avoid not only reputational damage but serious sanctions,” said Kees Jacobs, Consumer Goods & Retail Lead, Insights & Data Global Practice, Capgemini.

Consumer awareness

Consumers around the world are becoming increasingly concerned about how their data is used and protected. Over 91 percent of consumers in a recent survey agreed that they have lost control of how their personal information is being collected and used by large organisations. Nearly two-thirds of consumers say it is very important for them to control what information is collected about them.

For many consumer products organisations, however, customer data remains an asset to be utilised. The report found that only 51 percent of consumer product firms provide people with the option to control the data they have collected about them, and only 57 percent empower consumers to access or view the data collected from them.

‎The Capgemini report calculates that with the current preparedness of organisations, the global consumer products industry risks sanctions with magnitudes of over 3.5 percent of its $9 trillion value by failing to comply with the GDPR, while European companies alone are facing fines of $151 billion.

Prepare for the challenges

In order to face these challenges Capgemini recommends a number of key steps:

1. Build the right governance structure and operating model.

2. Build key capabilities with the right staff.

3. Establish a Chief Privacy Officer.

4. Take a step-by-step approach to develop an insight-driven business.

Don't miss