Approach

PepsiCo’s Global Privacy Policy & Privacy Principles 

Our Global Privacy Policy applies a global standard to PepsiCo’s approach to data privacy. The Policy incorporates ten Privacy Principles, which are intended to establish good data privacy practices, allow us to comply with data privacy laws and regulations and outline PepsiCo’s approach to the handling and use of the data we collect, generate and hold.  

PepsiCo’s Privacy Principles 

Our Privacy Principles are designed to promote consistency in PepsiCo’s personal data collection and use practices and are based on globally accepted principles and standards in data privacy.  

PepsiCo complies with applicable privacy laws and regulations across the jurisdictions where we operate. For example, our U.S. Privacy Notice and Europe Privacy Notice outline our data collection and use practices in accordance with requirements under applicable privacy laws, such as the California Consumer Privacy Act and the General Data Protection Regulation.   

Governance and training

In line with PepsiCo’s Global Code of Conduct and Global Privacy Policy, all PepsiCo employees that access personal data in the course of performing their job duties are responsible for the management of data privacy risks, with oversight by appropriate risk forums. We regularly evaluate PepsiCo’s privacy practices to ensure that we adhere to our Global Privacy Policy and applicable laws. Additionally, PepsiCo’s Global Compliance and Ethics Department, led by the Global Chief Compliance & Ethics Officer, has primary responsibility for promoting, monitoring and enforcing compliance and ethics at PepsiCo. We also have a dedicated Privacy Office and other privacy professionals operating globally to support and guide the business on our privacy activities and operations.

To ensure that our employees and senior management understand the risks associated with data privacy, we conduct regular training sessions, some of which may be tailored to employees’ roles within PepsiCo to keep them updated on the latest data privacy developments and requirements.

In addition to our Global Privacy Policy, we maintain several other internal policies and standards relevant to the protection and security of personal data. These are guided by legislative and regulatory requirements, international standards and best practices, including those from the U.S. National Institute of Standards and Technology. Examples of our internal policies include:

• PepsiCo's Global Biometric Privacy Policy
• PepsiCo's Global Responsible AI Policy
• PepsiCo’s Global Information Security Policy & Standards
• PepsiCo’s Global Acceptable Use Policy
• PepsiCo’s Data Classification Standards
• Global Information Security Requirements (applicable to third-party service providers)
• Global Employee Privacy Notice

What's next?

We are mindful that the privacy legal landscape is rapidly evolving throughout the world and that stakeholder expectations are changing. As such, we continue to prioritize compliance with applicable laws and consider adjusting PepsiCo’s practices, as needed, in response to new legislative developments and stakeholder concerns.