4.8.1.1 Material impacts, risks and opportunities related to privacy and personal data protection
| Description | Subtopics | Policy | Action plan | |
|---|---|---|---|---|
|
|
Description L'Oréal holds personal data on consumers and employees, and is responsible for managing this data in accordance with applicable regulations and protecting it from theft or misuse. Personal data poses regulatory risks, for example legal proceedings or regulatory controls, and risks of fines (such as those provided for by the General Data Protection Regulation (GDPR) in Europe), as well as a reputational risk related to a loss of stakeholder trust. |
Subtopics Protection of privacy of own workforce Consumer privacy |
Policy Data Privacy at L’Oréal policy for the use of personal data relating to employees and consumers Confidentiality policies for employees in all countries Confidentiality policy for consumers |
Action plan Informing, training, auditing and continuously monitoring compliance with personal data protection standards when processing consumers' and employees' personal data Providing a direct point of contact for data protection queries from employees and consumers |
O IRO: I- = negative impact; I+ = positive impact; R = risk; O: opportunity.
Time horizon: ST = short term; MT = medium term; LT = long term.
4.8.2 Personal data protection policy
L'Oréal undertakes to comply with the laws and regulations applicable in each country in which it operates. The Group’s personal data protection policy is based on six main principles:
- developing a people-centric approach: L'Oréal offers innovative products and services with a personalised experience. This may involve the use of personal data to better meet the needs of consumers. L’Oréal is committed to respecting each individual, and has a global data privacy policy which sets out the mechanisms and procedures for responding to users' concerns;
- creating a relationship of trust with employees: L'Oréal handles employees' personal data transparently and in an ethical manner, in accordance with its internal policy, to ensure effective and responsible human resources management. This commitment helps to build a trusting human relations environment;
- demonstrating a commitment to ethics: personal data protection goes far beyond compliance. At L'Oréal, it is also an ethical issue. The Group uses personal data ethically, lawfully and responsibly, and does not collect sensitive information without the consent of the person concerned;
- building lasting trust: L'Oréal firmly believes that trust is essential to building lasting relationships with consumers, employees and shareholders. The Group endeavours to ensure that everyone can maintain control over their personal data;
- involving General Management: supported by dedicated compliance teams, General Management ensures that the personal data protection policy is applied in Group entities; and
- managing risks: L'Oréal recognises that a failure to comply with personal data protection regulations could negatively impact stakeholder trust and harm its reputation. The Group proactively manages these risks in order to prevent any negative impacts.