The Group attaches great importance to the principle of transparency and aims to establish a relationship of trust with all its stakeholders, and in particular its consumers, employees and suppliers. The Group ensures that personal data protection and data security are at the heart of its responsible use of personal data.
In support of this ambition, the Group’s principles governing the processing of personal data (Data Privacy) have been shared all over the world to raise the awareness of all employees about respect for ethical principles and the legal and regulatory requirements in this area. These principles were updated in 2020 and are supplemented by a framework of policies, procedures and operational guidelines.
The Group has put in place a structure based on a Global Data Privacy Office (Global DPO Office), which consists of a Legal unit and a Programme unit. A Group Data Privacy Officer (DPO) was appointed in 2018 and a network of country DPOs has been set up worldwide and is constantly being strengthened (46 DPOIs in 2021). The structure also relies on a network of Head of Data Privacy in each region and in each business area (IT, Digital, Marketing, HR, Research & Innovation, Retail, Operations, etc.), who are responsible for defining and deploying privacy policies tailored to the challenges and specific features of their fields.
A Global Strategic Data Privacy Committee was set up to establish strategic guidelines and ensure the data privacy programme is rolled out within the Group. Led by the Group DPO, this Committee is composed specifically of the Chief Financial Officer, the Chief Ethics, Risk and Compliance Officer, the Group General Counsel and the Chief Information Officer. For the sake of consistency and operational efficiency, a Data Privacy Steering Committee is in place for each region.
This governance notably aims to monitor the Group’s compliance with different laws, such as the GDPR in Europe, the CCPA in California, the LGPD in Brazil, the PIPL in China or the POPI Act in South Africa, by ensuring the involvement of all stakeholders and by adapting customer, supplier and business line processes to the Group’s rules and to applicable local laws.
In order to comply with European rules, the Group has established a record of data processing performed in Europe. This tool is also offered in countries not subject to the GDPR that wish to use it in order to map their processing operations.
In support of the “privacy by design” principle, the Group has also developed and deployed a digitalised tool that is available to operational staff, to help them to ensure that a project complies with operational principles and rules relating to data privacy from the very start and to carry out the required privacy impact assessments.
All employees within the Group have access to an awareness-raising programme on the protection of personal data. Specific training is also available for the main business lines. An Intranet site dedicated to this subject can be accessed at anytime by all employees worldwide.
The Group Internal Control is in charge of organising a self-assessment of the implementation of the data privacy compliance programme for all countries and business lines. This evaluation is performed annually. As part of the Group’s digital activities, the Internal Audit Department conducts dedicated audit checks on the protection of the personal data of consumers. This control has been supplemented by the creation and deployment in 2019 of a specific audit programme on the protection of personal data, aimed at all European countries that are subject to GDPR and this programme is conducted by an independent auditor.
| Brand programmes |
Conscious of the influencing ability of its brands, L’Oréal encourages them to inform and mobilise their business partners, customers and consumers around the major environmental and societal challenges facing the world. Each brand must therefore identify an environmental or societal cause of its own, support a community partner involved in the field, and conduct awareness-raising and outreach campaigns with its consumers in order to contribute to change. (see section 4.3.1.3.2. “Involving consumers in the Group’s transformation” of this document) |
|---|---|
| Transparency and awareness | Transparency and awareness
Conscious of the influencing ability of its brands, L’Oréal encourages them to inform and mobilise their business partners, customers and consumers around the major environmental and societal challenges facing the world. Each brand must therefore identify an environmental or societal cause of its own, support a community partner involved in the field, and conduct awareness-raising and outreach campaigns with its consumers in order to contribute to change. (see section 4.3.1.3.2. “Involving consumers in the Group’s transformation” of this document)
|
| Product quality and safety | Product quality and safety
Conscious of the influencing ability of its brands, L’Oréal encourages them to inform and mobilise their business partners, customers and consumers around the major environmental and societal challenges facing the world. Each brand must therefore identify an environmental or societal cause of its own, support a community partner involved in the field, and conduct awareness-raising and outreach campaigns with its consumers in order to contribute to change. (see section 4.3.1.3.2. “Involving consumers in the Group’s transformation” of this document) Consumer safety is an absolute priority for L’Oréal: assessing safety is central to any new product development process and a prerequisite before any new product can be brought to the market.(see section 4.3.1.3.2. “Involving consumers in the Group’s transformation” of this document) |
