4.8.3 Action plans in place
In order to embed privacy and personal data protection ever more deeply in the Group's culture, L'Oréal is rolling out various initiatives:
- adhering to a common framework: L'Oréal has drawn up the 10 Key Points on Personal Data Protection charter and a global GDPR-inspired policy – Data Privacy at L'Oréal – which employees in all countries must adhere to;
- maintaining a network of personal data protection professionals: at every level of the organisation (Group, business, Zone, Country), a dedicated network coordinates and monitors personal data protection compliance;
- rolling out a global programme: L'Oréal has set up a global programme to support employees in the application of personal data protection regulations, including tools and user guides that integrate personal data protection into projects by design;
- regularly reviewing procedures: privacy policies and personal data protection procedures are regularly updated to ensure that they comply with local laws and regulations;
- encouraging supplier compliance: L'Oréal requires its suppliers to comply with personal data protection and cybersecurity standards, supported by certifications and maturity assessments;
- providing training on personal data protection: the Group runs training programmes to inform internal teams of their personal data protection responsibilities, holding regular sessions, workshops, online courses and events;
- conducting controls and audits: L'Oréal conducts internal audits to assess compliance with personal data protection laws and internal policies, and tracks action plans using dashboards. These audits are included in its annual audit plan submitted to General Management and the Audit Committee for approval. The audit plan takes into account the findings of earlier audits and local risk assessments by zone managers and Data Privacy experts; and
- providing a direct point of contact for data protection queries: L'Oréal has set up a dedicated email address that consumers and employees can use to ask questions of Data Privacy Officers regarding the protection of their personal data.
4.9 Human rights in the value chain and affected communities (S2/S3)
4.9.1 Background
This section outlines how L'Oréal manages human rights issues by integrating human rights principles into its practices and making efforts to influence its value chain. L'Oréal's value chain analysis enables the Group to identify potential human rights risks at all levels of its supply chain, including for Tier 1 subcontractors. In the event of human rights issues or incidents, L'Oréal takes a risk-based approach with regard to the supply chain and involves Tier 1 suppliers in the implementation of action plans, as specified in the Vigilance Plan (see section 3.5.4.1). In line with its human rights policy, the Group strives to:
- take human rights issues into account through policies in its conduct as a responsible business;
- identify and assess the main potential and proven negative impacts on workers in the value chain and on affected communities;
- stop, prevent and mitigate breaches of internationally recognised human rights and fundamental freedoms, using a risk-based approach in accordance with the United Nations Guiding Principles on Business and Human Rights (UNGPs) and laws such as the French Duty of Care law. In particular, this means working with L’Oréal's stakeholders, especially those directly affected, to resolve situations of risk or harm. L’Oréal also works with peers and other industries to amplify its impact in the short, medium and long term;
- monitor the implementation and results of action plans;
- communicate transparently on how impacts are dealt with; and
- remedy damage using its own resources or in cooperation with other organisations.
The Group is also preparing for the application of the various aspects of the European Corporate Sustainability Due Diligence Directive, aimed at strengthening the protection of human rights and the environment.
