Consumer privacy

Data privacy

Protecting the personal data of our consumers, employees and other stakeholders is of paramount importance to Nestlé. The digital landscape is constantly and rapidly changing, with new challenges arising continually. In this environment, Nestlé seeks to anticipate and respond to consumer expectations, data security threats, and regulation regarding data privacy. Our approach is founded on an evolving internal data privacy governance framework of clear, robust internal standards and an organisational structure empowered to enforce it.

  • Nestlé’s Privacy Policy lies at the heart of our consumer privacy framework. It features six key principles that all employees and contractors of Nestlé companies must comply with when processing personal data. Such data must:

    • Only be processed for specific and legitimate business purposes;
    • Be processed fairly and lawfully;
    • Be properly managed;
    • Be protected against unauthorised processing and damage;
    • Be accessible when in the form of data collections; and
    • Not be transferred to third parties or other countries without adequate safeguards.

    Additional restrictions apply to processing sensitive personal data. We are strengthening this further through the development of a new Data Processing Standard, covering the processing of all personal data from collection through to deletion.

    To the best of our knowledge, we had no substantiated data breach complaints to report for 2015.

  • Nestlé’s Group Data Privacy Organisation is tasked with seeking to reinforce capabilities and controls across the Group. It manages the Nestlé Data Privacy Framework and provides advice, support and guidance on its implementation. It is increasingly supported by data privacy officers and champions, who are being progressively appointed in our businesses and markets, creating a broad Nestlé Data Privacy Organisation.

    The Data Privacy Organisation works closely with our internal IS/IT Security, Marketing and HR functions in executing the Nestlé Data Privacy Framework.

    Additionally, a number of individuals of our Data Privacy Organisation are members of professional bodies and actively contribute to the wider data privacy debate through international conferences and other forums. We also engage with national and regional data privacy regulators, either directly or through representatives.

  • Our data protection work was further strengthened during 2015, when we carried out the following actions:

    • Implemented a standard on privacy in digital marketing;
    • Worked with the CGF to adopt Consumer Engagement Principles (CEPs). The CEPs are intended to act as a framework for how companies engage with their consumers to promote an environment of trust, particularly in relation to personal data;
    • Adding to the network of data privacy specialists by appointing several new data privacy officers and champions in Switzerland in 2015, with further appointments to be made globally next year;
    • Rolled out e-learning across the company; and
    • Launched new, more transparent and clear communications about privacy for Nestlé websites.

Related content