2023 universal registration document

4. Corporate Social Responsibility

Raising employee awareness

Ongoing communication

The Group’s Human Rights Policy and Employee Human Rights Policy are communicated to all Group employees. 100% of the subsidiaries have communicated on at least one human rights subject.

Learning

A specific training for Management Committee members has been rolled out and is regularly updated. A specific online learning programme on ethics and human rights is compulsory for all employees, regardless of their business line. At the end of 2022, 87% of the relevant employees had completed it. A new version was launched in July 2023 following the release of the new Code of Ethics. This new version includes a section on Human Rights and offers interactive and personalised content. As at 31 December 2023, 66% of the relevant employees had already completed it. In 2023, 143 purchasers were trained in responsible purchasing practices, which includes a module on human rights. This is compulsory for any new purchaser. 100% of the Group’s subsidiaries included issues related to human rights in their local learning programmes.

4.3.3.2. L’Oréal’s commitment to protecting personal data

The Group attaches great importance to the principle of transparency and aims to establish a relationship of trust with its stakeholders. It ensures that its responsible use of personal data is underpinned by the protection and security of that data.

In support of this ambition, the Group’s principles governing the processing of personal data (Data Privacy) have been shared all over the world to raise the awareness of all employees about respect for ethical principles and the legal and regulatory requirements in this area. These principles are supplemented by a framework of policies, procedures and operational guidelines.

The Group has put in place a structure based on a Data Privacy Office (Global DPO Office), which consists of a Legal unit and a Programme unit. A Group Data Protection Officer (DPO) was appointed in 2018 and a network of Country DPOs has been set up worldwide and is growing in strength (47 DPOs in 2023). This structure also relies on a network of Personal Data Protection Officers in each region and in each business area (IT, Digital, Marketing, HR, Research & Innovation, Retail, Operations etc.). They are responsible for rolling out personal data protection policies that are tailored to the challenges and specific features of their fields.

A Global Strategic Data Privacy Committee was set up to establish strategic guidelines and ensure the personal data protection programme is rolled out. Led by the Group DPO, this Committee is composed specifically of the Chief Financial Officer, the Chief Ethics, Risk and Compliance Officer, the Group General Counsel and the Chief Information Officer. For the sake of consistency and operational efficiency, a Steering Committee is in place for each Zone.

This governance ensures the Group’s compliance with different laws, such as the GDPR in Europe, the CCPA in California, the LGPD in Brazil, the PIPL in China or the POPI Act in South Africa. It ensures stakeholder involvement and that client, supplier and business processes are adapted to applicable local laws.

In order to comply with European rules, the Group has established a record of data processing performed in Europe. This tool is also offered in countries not subject to the GDPR that wish to use it.

In support of the privacy by design principle, the Group has rolled out a digitalised tool that is available to operational staff. This tool helps them to ensure that a project complies with operational principles and rules relating to personal data protection from the very start and to carry out the required privacy impact assessments.

All employees within the Group have access to an awareness‑raising programme on the protection of personal data. Specific learning programmes are available for the main functions. An Intranet site dedicated to this subject can be accessed at any time by all employees worldwide.

Group Internal Control organises an annual self-assessment of the implementation of the personal data protection compliance programme for all countries and functions.

As part of the Group’s digital activities, the Internal Audit Department conducts audit checks on the protection of the personal data of consumers. Since 2019, a specific audit programme on personal data protection has been aimed at all European countries that are subject to GDPR, conducted by an independent auditor.

The scope of consolidation of human rights data arising from ethics reporting is identical to that of social data.