2024 universal registration document

4.8.2 Personal data protection policy

4.8 Privacy and personal data protection (S1/S4)

Implementation of this policy is based on the following governance structure:

This diagram represents the Governance Structure for the Protection of Personal Data.

This policy relies on a three-tier governance model to ensure privacy and data protection at every level:

  1. Global Strategy Committee
    • Scope: International level.
    • Role: Define the personal data protection strategy.
    • Responsibility: Inform and advise General Management.
  2. Zone Steering Committee
    • Scope: Zone level.
    • Role: Ensure the deployment of the personal data protection programme.
  3. Country Personal Data Protection Committee
    • Scope: Country level.
    • Role: Implement the local data protection roadmap.

L'Oréal has developed a strong, multilayered governance structure to ensure consistent and effective personal data protection around the world. This governance structure plays an important role in implementing the Group's policy and programme:

  • the Global Strategy Committee, which includes the Ethics, Risks and Compliance Department, the Legal Department, the Internal Audit Department, as well as the Purchasing, IT, Cybersecurity, Digital and Marketing, Human Relations, Data Governance and Research & Innovation departments. The Committee meets twice a year or as required to analyse risks, provide strategic recommendations to General Management and define the overall data protection strategy;
  • the Steering Committee at zone level, which coordinates the implementation of the programme in the Group's different countries and ensures compliance with local legislation, such as the GDPR in Europe, the CCPA in California, the PIPL in China, and the LGPD in Brazil. The Committee ensures that the programme is implemented consistently and assesses the impact of regulatory developments in each zone; and
  • the personal data protection committee at country level, which, under the supervision of the country chief executive officer, brings together all stakeholders involved in personal data processing. The Committee ensures that projects comply with personal data protection programme guidelines and plays a key role in raising awareness of the issue.

These governance bodies are supported by a wider community of personal data protection officers and experts who encourage collaboration, share knowledge and ensure consistent application of personal data protection principles worldwide.