In my experience with company ERP systems, the one bit of them (sometimes the only bit) that you can usually guarantee works is the fiscal bit of the finance module. The rest of the ERP - inventory management, order processing, customer/supplier data, CRM, etc. - is usually somewhere on the spectrum of "not used" thru "we manage most of it in Excel" to "sort of working but you need Ellen to tweak it at month end".
The main reason for this is that no one is going to go to jail if Tesco gets 100 pallettes of baked beans instead of 10, but people can go to jail for getting the fiscal bit wrong, so they get it right, they spec it right, they test it right and they hand-crank the first few cycles in parallel, just to make sure, because no one likes using hairy soap.
Maybe if data leaks were treated like H&S, where corporate and individual criminal responsibility is assigned and poor performance can result in losing your house and going to jail, then we'd see companies take it seriously.
The downside might be that it could become expensive to process personal data - but I wouldn't necessarily see that as a problem.