Approach

A company the size of PepsiCo generates a large volume of business records each day. As outlined in our Global Code of Conduct, each employee is responsible for ensuring that the records in their custody or control are maintained, retained and destroyed in compliance with local legal and regulatory record-keeping requirements. This includes obligations to comply with PepsiCo’s applicable records management policies and local retention schedules.

In the course of doing business, PepsiCo also collects personal data for a variety of reasons, such as:

• Consumer information as part of a marketing promotion,
• Job applicant information in the course of our HR processes, or
• Consumer data collected via engagement with our websites, social media accounts, mobile device applications and more. 

PepsiCo endeavors to protect the personal data of its customers, consumers, employees and others. Protecting personal data helps us to maintain the trust of our business partners, consumers and employees and helps us ensure compliance with applicable laws and regulations.  

PepsiCo’s Global Privacy Policy describes our approach with respect to personal data and incorporates the principles reflected in the model seen here.  

Our privacy principles are designed to promote consistency in PepsiCo’s personal data collection and use practices and are based on globally accepted principles in data privacy.  

PepsiCo built a program designed to comply with applicable privacy laws in the countries where we conduct business. For example, our U.S. Privacy Notice and Europe Privacy Notice outline our data collection and use practices in these respective jurisdictions and provide other disclosures as required by applicable law, such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Similar notices and disclosures are provided in other jurisdictions where required by law.   

Governance and training

In line with PepsiCo’s Code of Conduct, all PepsiCo employees that access personal data in the course of performing their job duties are responsible for complying with all applicable privacy laws and policies, including PepsiCo’s Global Privacy Policy. In addition, PepsiCo’s Global Compliance and Ethics Department, led by the Global Chief Compliance & Ethics Officer, has primary responsibility for promoting, monitoring and enforcing compliance and ethics at PepsiCo, including compliance with PepsiCo’s Global Privacy Policy. We also have dedicated regional privacy professionals that support and guide the business on our privacy activities and operations.

We conduct regular training sessions (some of which may be tailored to the employee’s role within PepsiCo) to keep employees abreast on the latest developments and requirements related to data privacy.

We also maintain several other internal policies and standards relevant to the protection and security of personal data. These policies and standards are guided by international standards and best practices, including those from the National Institute of Standards and Technology. Examples of such policies include:

• PepsiCo’s Global Information Security Policy & Standards
• PepsiCo’s Global Acceptable Use Policy
• PepsiCo’s Data Classification Standards
• Global Information Security Requirements (applicable to third-party service providers)

What's next?

We are mindful that the privacy legal landscape is rapidly evolving throughout the world. As such, we will prioritize compliance with applicable laws and will consider adjusting PepsiCo’s practices, as needed, in response to new legislative developments.