2019 Annual financial report

Chapter 4. Corporate Social Responsibility – Non-financial performance

With suppliers and subcontractors

The Data Processing Addendum (DPA) has been systematically distributed to suppliers, partners and publishers. Together with the legal teams, due diligence is then done with the suppliers on two aspects: personal data protection by the GDPO and security checks by the GSO.

Operating procedures have been tailored to each industry’s constraints and enable the Group to be highly responsive if corrective measures have to be taken to bring suppliers into line with Group standards.

4.3.1.2 Spotlight on the role of the Group Security Office (GSO)
Governance, role and mission

Information security is everybody’s responsibility. It involves protecting the Group’s sensitive information and that of its clients. The entire security program is overseen by a central, dedicated team within the Group Security Office (GSO), which brings together highly experienced professionals whose expertise is certified against international standards including CISSP, CISA, CISM and CRISC, to mention but a few. The GSO is responsible for the policies, guidelines and standards applied across the Group, with governance in direct contact with the Company’s top management for the validation of guidelines and action plans.

The information security program takes an approach that is based on continuous risk assessment and monitoring of the rules applied.

The GSO oversees a number of programs such as compliance, risk management, security testing, technical reviews, service continuity plans and educating employees about these risks. Particular attention is paid to training all teams using different methods (blogs, articles, videos, etc.) in six languages (French, English, Spanish, Chinese, Portuguese, German) to build a culture of security across the entire Group.

One team is dedicated to monitoring cybercrime risks (ransomware, phishing, etc.), and the Security Operations Center (SOC) is operational 24/7 and ready to intervene to safeguard infrastructures, systems, information and data. Response time is key to guaranteeing uninterrupted continuity of service for users. The GSO is responsible for the business continuity plan (BCP) and the disaster recovery plan (DRP).

Vulnerability testing by the teams takes place regularly and is subject to annual audits by an independent third party.

GSO teams work closely with agency project teams to ensure compliance with client expectations. This includes complying with external certification schemes such as ISO 27001 or more specific standards such as the Payment Card Industry Data Security Standard (PCI DSS) or the Health Insurance Portability and Accountability Act (HIPAA). The Group’s Information Security Policies are aligned with the ISO 27001 standard, and several Group entities in India and the United Kingdom are ISO 27001 certified. The GSO monitors these certifications.

With the integration of Epsilon, specialist teams joined the GSO, enabling compliance programs to be extended, with close third-party monitoring of other certifications and regulations: ISO 27001, ISO 22301, PCI DSS, HIPAA, Service Organization Control (SOC) 1 and 2, and GDPR/CCPA (the European General Data Protection Regulation and the California Consumer Privacy Act).

The GSO works closely with the GDPO (see the section above) on various compliance issues. The work of the GSO is monitored by the Group’s senior management.

With suppliers and subcontractors

The GSO oversees and monitors the partner and supplier evaluation program, in partnership with the Procurement Department. Formal security assessments have to be carried out to identify and anticipate possible risks (see Section 2 of this document).

4.3.2 Responsible consumption

Environmental awareness has grown sharply in recent times and studies carried out by our agencies on consumer expectations clearly highlight aspirations towards more responsible consumption.

We need to encourage new sustainable and responsible methods of consumption amongst our clients. Advertising and communication remain vital when it comes to raising the profile of companies’ products and services and developing their client (citizen-consumer) business and jobs over the long term. At the same time, there has never been a time when so many products and services have been on offer. The end customer is highly volatile and demanding, always searching for the best quality/price ratio at any given time, which sometimes results in a number of contradictions.

It is important to Group agencies that citizen-consumers are always able to exercise their free will and make informed choices. In light of the challenges facing our society today (reducing inequality, climate change, etc.), many people want to change consumption patterns, but this is a process that involves the opinions and desires of everyone. Agencies aim to act both as supporters and facilitators of behavioral change, and support their clients with their complex transformation projects. The Group’s commitment to responsible marketing is to be applied at all times.