Public awareness of privacy issues has increasingly grown in recent years, and greater attention is being paid by stakeholders to how companies approach data privacy. Global data protection laws have become more prevalent and rigorously enforced. Even before the EU General Data Protection Regulation (GDPR) became effective in May 2018, we had developed, and will maintain, a Global Privacy Program (GPP) to establish a new global standard for data privacy across our markets and functions.
The GPP was developed and deployed using an internationally recognized privacy management system. The program is designed to support our functions and affiliates within the EU to achieve and demonstrate GDPR compliance, and to embed policies and practices
that facilitate data privacy compliance. Outside the EU, the GPP sets the GDPR as our global standard, ensuring that our whole organization is aligned to a high standard of privacy practice.
Core to GPP is greater central governance
for data privacy, whereby specific people lead on data privacy for markets and functions. Our External Affairs and Information Protection and Governance group have come together to run a central privacy office. Meanwhile, our Data Protection Governance
Board also reports twice per year to the Corporate Risk Governance Committee. The GPP also mandates practices that the GDPR introduces or enhances, in areas such as data privacy impact assessments, awareness and training, privacy compliance assessments,
personal data inventories, and data subject rights. Additionally, many existing data protection approaches have been reviewed and strengthened, such as the principle of transparency and the management of third-party risks.
