GDPR Fines Could Cost Firms Over $320 Billion

GDPR Fines Could Cost Firms Over $320 Billion

Firms that sell consumer products are risking hundreds of billions in General Data Protection Regulation (GDPR) fines globally because of security and privacy failings, with UK organizations among the worst performing, according to Capgemini Consulting.

The global consultancy interviewed 300 managerial level executives in the consumer goods space with combined revenues of over $756 billion to compile its latest report, Consumer Insights: Finding and Guarding the Treasure Trove.

It found that in the rush to sweep up customer data to provide insights for sales and marketing, operations and product development, these firms risk contravening the forthcoming European GDPR.

With fines of up to 4% of annual global turnover promised when the new law comes into force in May 2018, they risk penalties which could reach a combined total of up to $320 billion, Capgemini claimed.

This is because over 90% of firms interviewed have experienced data breaches, while nearly half (46%) have no clear non-negotiable policies on customer data security and privacy.

However, in the UK things are somewhat worse, with just 36% of respondents claiming to have such policies in place – the lowest of any market studied.

In addition, half of UK firms said their security practices do not comply fully with industry regulations – joint top with the Netherlands.

What’s more, nearly a third (29%) of UK respondents said their consumer insights were “very strategic” – the joint lowest of any market, alongside France.

Capgemini recommended firms address these shortcomings by establishing a chief privacy officer, and taking the time to build a proper governance structure and operating model.

"Those ahead of the pack have both executive sponsorship at the highest levels and have worked hard on their operating models to exploit new data and analytics at scale,” argued Jules Morgan, head of the Insights & Analytics Centre of Excellence at Capgemini.

“There is still some way to go though across functions. As a home to many global players, British Champions need to get ready for the new EU GDPR legislation.”

Although the UK has voted to leave the European Union, it has yet to state its official intent. Experts have argued time and again that – for many reasons – UK organizations should stay on the path to compliance with the GDPR.

Source: Information Security Magazine