4. Sustainability Report
4.8 Privacy and personal data protection (S1/S4)4.8 Privacy and personal data protection (S1/S4)
4.8.1 Background
L'Oréal is committed to privacy and personal data protection, an issue that is all the more crucial in the era of digital transformation and amid increasingly complex regulations globally. This goal is based on the principles of transparency, confidentiality and integrity, inspired by the 1948 Universal Declaration of Human Rights.
In the area of privacy and personal data protection, L'Oréal:
- handles personal data with respect and strives to uphold the trust people place in it;
- uses personal data protection to create value by developing more secure products and services, working with trusted partners and establishing reliable processes;
- develops a global community working on data confidentiality and protection, promoting and sharing this culture throughout the organisation to ensure constant vigilance and a proactive approach.
4.8.1.1 Material impacts, risks and opportunities related to privacy and personal data protection
| Description | Sub-topics | Policies | Action plans | |
|---|---|---|---|---|
 |
Description L'Oréal holds personal data on consumers and employees, and is responsible for managing this data in accordance with applicable regulations and protecting it from theft or misuse. Personal data poses regulatory risks, for example legal proceedings or regulatory controls as well as a reputational risk related to a loss of stakeholder trust. |
Sub-topics Protection of privacy of own workforce |
Policies Data Privacy at L'Oréal policy for the use of personal data relating to employees and consumers |
Action plans Informing, training, auditing and continuously monitoring compliance with personal data protection standards when processing consumers' and employees' personal data |
|
Description Consumer privacy |
Sub-topics Confidentiality policies for employees in all countries |
Policies Facilitating the exercise of rights and providing an easily accessible point of contact on all platforms for data protection queries from employees and consumers |
|
Confidentiality policy for consumers |
IRO: I- = negative impact; I+ = positive impact; R = risk; O: opportunity.
Time horizon: ST = short term; MT = medium term; LT = long term.4.8.2 Personal data protection policy
L'Oréal strives to comply with the laws and regulations applicable in each country in which it operates. The Group's personal data protection policy is based on six main principles:
- developing a people-centric approach: L'Oréal offers innovative products and services with a personalised experience. This may involve the use of personal data to better meet the needs of consumers. L'Oréal strives to respect each individual, and has a Group-wide data privacy policy which sets out the mechanisms and procedures for responding to users' concerns;
- creating a relationship of trust with employees: L'Oréal handles employees' personal data transparently and in an ethical manner, in accordance with its internal policy, to ensure effective and responsible human resources management. This commitment helps to build a trusting human relations environment;
- demonstrating a commitment to ethics: personal data protection goes far beyond compliance. At L'Oréal, it is also an ethical issue. The Group uses personal data ethically, lawfully and responsibly, and does not collect sensitive information without the consent of the person concerned;
- building lasting trust: L'Oréal firmly believes that trust is essential to building lasting relationships with consumers, employees and shareholders. The Group endeavours to ensure that everyone can maintain control over their personal data;
- involving General Management: supported by dedicated compliance teams, General Management ensures that the personal data protection policy is applied in Group entities; and
- managing risks: L'Oréal recognises that a failure to comply with personal data protection regulations could negatively impact stakeholder trust and harm its reputation. The Group proactively manages these risks in order to prevent any negative impacts.