A Global Strategic Data Privacy Committee was set up to establish strategic guidelines and ensure the personal data protection programme is rolled out. Led by the Group DPO, this Committee is composed specifically of the Chief Financial Officer, the Chief Ethics, Risk and Compliance Officer, the Group General Counsel and the Chief Information Officer. For the sake of consistency and operational efficiency, a Steering Committee is in place for each Zone.
This governance ensures the Group’s compliance with different laws, such as the GDPR in Europe, the CCPA in California, the LGPD in Brazil, the PIPL in China or the POPI Act in South Africa. It ensures stakeholder involvement and that client, supplier and business processes are adapted to applicable local laws.
In order to comply with European rules, the Group has established a record of data processing performed in Europe. This tool is also offered in countries not subject to the GDPR that wish to use it.
In support of the privacy by design principle, the Group has deployed a digitalised tool that is available to operational staff. This tool helps them to ensure that a project complies with operational principles and rules relating to personal data protection from the very start and to carry out the required privacy impact assessments.
All employees within the Group have access to an awareness‑raising programme on the protection of personal data. Specific training is available for the main business lines. An Intranet site dedicated to this subject can be accessed at any time by all employees worldwide.
The Group Internal Control organises annual self-assessment of the implementation of the personal data protection compliance programme for all countries and business lines.
As part of the Group’s digital activities, the Internal Audit Department conducts audit checks on the protection of the personal data of consumers.
Since 2019, a specific audit programme on personal data protection has been aimed at all European countries that are subject to GDPR, which has been conducted by an independent auditor.
| Brand commitments | L’Oréal encourages its brands to raise awareness and engage their stakeholders on the major environmental and societal challenges. Each brand must:
|
|---|---|
| Transparency and awareness |
|
| Product quality and safety | Consumer safety is an absolute priority for L’Oréal. Assessing safety is central to any new product development process and a prerequisite before any new product can be brought to the market.(see section 4.3.1.3.2.). |
L’Oréal has implemented several other policies that contribute to the respect of employees’ Human Rights and Fundamental Freedoms, notably through its policies on workplace health and safety, social dialogue and diversity, and its Share & Care programme (see section 4.3.2.4.).
The Group ensures that all employees receive at least the minimum salary set by local law or the applicable collective agreements, and that they receive a living wage(1) that covers their basic needs, calculated in line with best practices.
The subsidiaries must comply with applicable local legislation and the minimum set of core rules designed to prevent serious Human Rights violations. The details and implementation of these rules is described in L’Oréal’s Vigilance Plan (see section3.4.), which also explains the Group’s organisation in the area of Human Rights.
(1) Wages that cover basic needs, calculated in line with best practices and the support of independent experts.
