GDPR: Consumer goods firms risk $320bn if unprepared for new data regulation

Jul 14, 2016 | CPG, FMCG digital marketing food and beverages, Regulation

The global consumer product industry is failing to prioritise security and privacy and is at risk of losing a maximum of $320 billion due to General Data Protection Regulation (GDPR) penalties. Research finds firms are placing increasing emphasis on customer insights while not putting appropriate safeguards in place, a strategy that is leaving customers’ personal […]

The global consumer product industry is failing to prioritise security and privacy and is at risk of losing a maximum of $320 billion due to General Data Protection Regulation (GDPR) penalties.


eu%20lock.jpg
Research finds firms are placing increasing emphasis on customer insights while not putting appropriate safeguards in place, a strategy that is leaving customers’ personal data vulnerable
A report by Capgemini Consulting’s Digital Transformation Institute, the global strategy and transformation consulting organisation of the Capgemini Group, reveals that many consumer products organisations are taking risks with the security and privacy of their customer data.
· Over 90 percent of companies have experienced customer data security breaches
· 46% percent of firms have been unable to frame clear, non-negotiable policies on customer data security and privacy
· When the GDPR comes into force in 2018, CP firms will have to prove they comply with strict data protection regulations – or risk losing up to 4% of their global turnover
· Consumer insights is now a key priority for over 80 percent of executives of large consumer products organisations, supporting operations (57 percent), sales (53 percent) and marketing and product development (58 percent)
They are failing to put in place proper processes and safeguards in the rush to harvest as much information as possible and realise the rewards promised by deep, real-time consumer insights. The report reveals almost half of consumer products companies do not have a clear policy on customer data security and privacy and that 90 percent have experienced customer data breaches.
The forthcoming General Data Protection Regulation (GDPR) is designed to govern data security and privacy in all sectors, and enforces strict penalties for breaches, applying fines up to four percent of a company’s global annual turnover or €20 million, whichever is greater. Though the legislation has been created by the European Union, it is expected to have global impact, as the law applies to any company that holds data within Europe.
The report calculates the consumer products companies currently failing to comply would be at risk of a cumulative $323 billion in financial penalties, if the GDPR were in effect today and if the highest fines were applied.
Key UK findings:
· 36% of UK respondents said they had framed clear, non-negotiable policies on customer data security and privacy – this is the lowest of any market
· 12% of UK respondents said they have been ‘very successful’ with their insights exploitation so far – the highest of any other European market
· 29% of UK respondents said the nature of consumer insights at their organisation were ‘very strategic’ – this is the joint lowest of any market (with France)
· 50% of UK respondents said their security practices do not comply fully with industry regulations – this is the joint highest of any market (with Netherlands)
“Consumer Insights: Finding and Guarding the Treasure Trove”, a survey of 300 executives at 86 large global consumer products firms with combined revenue of over $756 billion, reveals an industry caught between the efforts to drive increased value through consumer data analysis, and customer concerns about privacy and security.
In recent years, empowered by technological advances and a shift towards online shopping, consumer products firms have undertaken significant initiatives to collect customer data. Such initiatives aim to gain a deeper understanding of customers’ behaviour and purchasing patterns.
The benefits for organisations succeeding are significant, with data-driven consumer insights capable of driving substantial improvements to services, products and brands. Over 80 percent of executives of large consumer products organisations state that using insights in this way is a key priority.
However, despite the importance of consumer insights, there is widespread failure to protect the customer data. The report finds that 46 percent of firms have been unable to frame clear, non-negotiable policies on customer data security and privacy, while over 90 percent of companies have experienced customer data security breaches.
Kees Jacobs, Consumer Goods & Retail Lead, Insights & Data Global Practice, Capgemini said: “While the official date for implementation is 2018, the impact of the General Data Protection Regulation is coming much more quickly than people seem to realise, and the consumer products industry appears not yet to be prepared. Finding the balance between sensitively handling consumer data, ensuring that information is secure, and using consumer insights to deliver a better experience is extremely challenging. Consumer trust is at stake, and in many instances it’s clear that the risks have either been overlooked or ignored. This is an issue organisations have to tackle quickly if they are to avoid not only reputational damage but serious sanctions.”
Consumers around the world are becoming increasingly concerned about how their data is used and protected. Over 91 percent of consumers in a recent survey agreed that they have lost control of how their personal information is being collected and used by large organisations[2]. Nearly two-thirds of consumers say it is very important for them to control what information is collected about them. For many consumer products organisations, however, customer data remains an asset to be utilised. The report found that only 51 percent of consumer product firms provide people with the option to control the data they have collected about them, and only 57 percent empower consumers to access or view the data collected from them.
‎The Capgemini report calculates that with the current preparedness of organisations, the global consumer products industry risks sanctions with magnitudes of over 3.5 percent of its $9 trillion value by failing to comply with the GDPR, while European companies alone are facing fines of $151 billion.
In order to face these challenges Capgemini recommends a number of key steps:
1) Build the right governance structure and operating model
2) Build key capabilities with the right staff
3) Establish a Chief Privacy Officer
4) Take a step-by-step approach to develop an insight-driven business.
Furthermore companies are urged to adopt the global, industry-wide ‘Consumer Engagement Principles’, as launched by The Consumer Goods Forum.
Methodology
For “Consumer Insights: Finding and Guarding the Treasure Trove” Capgemini conducted a global survey of 300 managerial executives across 86 companies, with collective revenues of over $756 billion, in the consumer goods industry for this research. The 300 survey respondents were broadly classified amongst two categories – “Producers” of consumer insights and “Consumers” of consumer insights – in accordance to the nature of their interaction with research insights derived from consumers. In addition to the survey, Capgemini Consulting’s Digital Transformation Institute also conducted individual focus interviews with senior executives from a selection of leading consumer product companies.
Source: http://www.capgemini-consulting.com