2021 UNIVERSAL REGISTRATION DOCUMENT

3. Risk factors and control environment

Business risks/Data  
Risk identification Risk management

The data collected and processed by L’Oréal or its partners, the volume of which is increasing with the growth in digital activities, particularly personalised services for consumers, could be altered, lost, illegitimately copied or transferred or even fraudulently used.
Furthermore, personal data protection regulations are being reinforced throughout the world. In particular, the European General Data Protection Regulation (EU) 2016/679 of 27 April 2016, which entered into force on 25 May 2018, (GDPR) provides for major sanctions in Europe, as does the CCPA in California, the LGPD in Brazil or the PIPL in China and the POPI Act in South Africa.

Any breach of data integrity or confidentiality, notably personal data processed by L’Oréal or its partners, for exogenous or endogenous reasons (including intrusions, malicious acts, etc.) could have a significant impact on its reputation and consumer confidence and thus on the Group’s business activities.

The data collected and processed by L’Oréal or its partners, the volume of which is increasing with the growth in digital activities, particularly personalised services for consumers, could be altered, lost, illegitimately copied or transferred or even fraudulently used.
Furthermore, personal data protection regulations are being reinforced throughout the world. In particular, the European General Data Protection Regulation (EU) 2016/679 of 27 April 2016, which entered into force on 25 May 2018, (GDPR) provides for major sanctions in Europe, as does the CCPA in California, the LGPD in Brazil or the PIPL in China and the POPI Act in South Africa.

Any breach of data integrity or confidentiality, notably personal data processed by L’Oréal or its partners, for exogenous or endogenous reasons (including intrusions, malicious acts, etc.) could have a significant impact on its reputation and consumer confidence and thus on the Group’s business activities.

 

The Group constantly and progressively deploys policies, training and data management tools as well as the associated organisational and technical measures. The Global IT Department has introduced strict rules with about data security (back-up, protection of, and access to confidential data).

The Group’s principles governing the processing of personal data have been rolled-out all over the world to raise the awareness of all employees about respect for ethical principles, and legal and regulatory requirements in the matter.

An organisation has been set up based on a Global Data Privacy Department at Group level, comprising a legal unit and a programme  unit. A Group Data Protection Officer was appointed in 2018 and a network of 46 Country DPOs has been created, for all countries in the European zone and gradually in other regions of the world.

The governance set up is based on a Global Governance Committee, a Steering Committee by region, as well as a network of Heads of Data Privacy within the Métiers and Zones, responsible for the protection of personal data, which provide support to all operational stakeholders involved.

This governance notably aims to monitor the Group’s compliance with different laws, by ensuring the mobilisation of all stakeholders and by adapting customer, supplier and business line processes to the Group’s rules and to applicable laws.
Business risks/Market and innovation  
Risk identification Risk identification

 

Risk management

L’Oréal is subject to constant pressure from many competitors in all countries due to:

  • its size and the positioning of its brands in various markets in which major international groups operate;
  • local brands and new players coming from the digital economy;
  • rapid technological changes in emerging fields of research by new operators.

If the Group fails to anticipate or respond to changes in consumer expectations, especially in the areas of natural beauty, health, personalised services, connected things and environmental commitments, with innovative and adapted product offerings, its sales and growth could be affected.

L’Oréal is subject to constant pressure from many competitors in all countries due to:

  • its size and the positioning of its brands in various markets in which major international groups operate;
  • local brands and new players coming from the digital economy;
  • rapid technological changes in emerging fields of research by new operators.

If the Group fails to anticipate or respond to changes in consumer expectations, especially in the areas of natural beauty, health, personalised services, connected things and environmental commitments, with innovative and adapted product offerings, its sales and growth could be affected.

 

The Group continually adapts its innovation model and is constantly increasing its investments in research and digital services. L’Oréal’s research teams innovate to respond to the infinite diversity of beauty aspirations all over the world. The Consumer & Market Insights Department within the Innovation Department is constantly monitoring changes in consumer expectations by product category and major regions of the world.

All of these research programmes, which are part of a long-term vision, allow L’Oréal to meet the challenges of innovation (see section 1.2.6.“The bet on Research, Safety and Innovation” of this document).

The Digital General Management is responsible for accelerating the Group’s digital transformation by helping the brands create enriched spaces for expression and helping teams to establish more interactive, close-knit and bespoke relationships with consumers.

Consumer expectations with regard to sustainability are also at the here of the L’Oréal for the Future programme (see Chapter 4 of this document) and are taken into account in developing the Group’s brand and product portfolio.

Finally, the Group’s acquisition strategy always takes into account changes in the competitive environment.