Universal Registration Document 2022

Groupe Profile

In terms of business, one of the Groupe’s historic principles is its refusal to take part in partisan communications campaigns of any kind. The Groupe refuses to work for political parties, cults or ideological propaganda organizations, and refuses any request for funding, contribution or free support.

Several Janus excerpts are available on the Groupe’s website, in the CSR section.

Indicators 2021 2022  Objectives for 2025
% Employees trained in internal Janus Code of Ethics

% Employees trained in internal Janus Code of Ethics

2021

61

% Employees trained in internal Janus Code of Ethics

2022 

85*

% Employees trained in internal Janus Code of Ethics

Objectives for 2025

100

Of which % ABAC (Anti-Bribery & Anti-Corruption)

Of which % ABAC (Anti-Bribery & Anti-Corruption)

2021

55

Of which % ABAC (Anti-Bribery & Anti-Corruption)

2022 

89 

Of which % ABAC (Anti-Bribery & Anti-Corruption)

Objectives for 2025

 

Of which % GDPR (Data Protection)

Of which % GDPR (Data Protection)

2021

67.7

Of which % GDPR (Data Protection)

2022 

74 

Of which % GDPR (Data Protection)

Objectives for 2025

 

Of which % GSO (Data Security)

Of which % GSO (Data Security)

2021

70

Of which % GSO (Data Security)

2022 

75 

Of which % GSO (Data Security)

Objectives for 2025

 

 

*Training on the Janus Code of Ethics takes various forms: online training in Marcel, awareness-raising sessions during programs for new employees, and more specific internal sessions for certain positions.

4.2.3.2 Data protection: Role of the Global Data Privacy Office (GDPO)
1) Governance, organization and mission

GDPO (Global Data Privacy Office) is a team of specialized lawyers, legal experts and experienced professionals, experts in data protection issues, working under the supervision of the Chief Data Protection Officer (CDPO). The GDPO is part of the Groupe’s Legal Department, which reports to the Secretary General. Its role is to oversee the data protection program, advise agencies on protection issues and help them with risk management. It also participates in various professional bodies or joint initiatives such as IAB EU’s Transparency & Consent Framework, and the IAB, US’ CCPA Framework. From an operational point of view, the GDPO relies on its Global Data Privacy Operations Team (GDPOps) including Privacy Leads and Data Privacy Stewards in the various countries, in charge of implementing and monitoring the compliance program. The GDPO and GDPOps teams work closely with the GSO, the Global Security Office, as soon as there is a data security question. A Groupe process is dedicated to incident response (Incident Response Process) to manage cybersecurity incidents and data breaches.

The data protection policy is based on the principle of privacy-by-design and must ensure compliance with applicable laws and best practices. This very early stage approach facilitates cooperation with all teams from the earliest stages of a project, so that data protection is well integrated into systems and solutions, and in close contact with client-side teams and their partners. The following principles are applied:

i) ensure that each claimant can exercise his or her rights; ii) review data protection policies and procedures; iii) carry out regular assessments to identify any problems and, if necessary, implement rectification plans.

Even if the field of data protection requires a certain expertise, all Publicis Groupe employees must understand and apply the fundamental principles of data protection, and thus have a vision of each person’s obligations and role in the project. Training for all employees takes place every year with reminders on the European GDPR (General Data Protection Regulation), the CCPA (California Consumer Privacy Act) as well as on data security. Specific training was delivered also and as needed.

As required by law, the Groupe offers consumers access to their privacy rights. For example, with Epsilon, certain rights can be exercised using an automated tool: https://legal.epsilon.com/dsr. In addition, in the United States, Epsilon indicates in its privacy policy the number of requests received by consumers during the previous year: https://legal.epsilon.com/us/NA-products-privacy-policy

2) Certification

In 2022, for the second year, Publicis Groupe was assessed by CyberVadis and remained in the top 1% of companies in terms of security and data protection (score for 2022: 645/1000, thanks to the joint work between the GDPO and the GSO).

The Groupe’s data protection policy is publicly available on the Groupe’s website, in the CSR library. Data protection issues are centralized and each employee can directly contact the GDPO and its teams: privacyofficer@publicisgroupe.com.