Safeguarding Data Privacy and Protecting Information

Sanofi is committed to data privacy and information security at every level of our organization for the benefit of patients, our employees, and stakeholders and to ensure full compliance with regulatory obligations.

Digital transformation, AI and data democratization are strengthening how Sanofi interacts with people and organizations to achieve our purpose. Processing data, from collection to storage, is now a key component of our relationship with patients, healthcare professionals, members of the scientific community, customers and users of our products and services, and our employees and business partners. To safeguard data privacy, we have implemented a Global Privacy Governance and Risk Framework that ensures optimal protection of personal data. We have also adopted a Cybersecurity and Security Framework to maintain the security and confidentiality of our information technology systems, assets, information, and databases.

How we Maximize Opportunities

  • By implementing and constantly enhancing best practices in data privacy and information security, Sanofi builds trust in and provides legal certainty for our vital data and sensitive information ecosystem.
  • By providing expertise, guidance and support to our employees and stakeholders, we help them make the right decisions when collecting, processing, and sharing personal data, in line with our values.
  • By applying a risk-based approach to designing proportionate controls, we maintain operational efficiency while meeting the privacy expectations of patients, individuals and regulators.
  • By enabling Sanofi’s digital strategy with innovative tools and guidance, we implement privacy-by-design and data security from the initial stages of each project.
  • By developing a proactive approach to data privacy, we align our objectives and foster confidence with data protection authorities and other regulatory bodies.

How we Minimize Risks

  • We recognize the variations in regulations across the countries where we operate, and we implement a Global Privacy Governance Framework and Information Protection policies, consisting of standards, procedures, templates and tools designed to ensure compliance with applicable privacy laws and security standards.
  • We protect Sanofi information against the risk of loss and unauthorized disclosure using Information Classification Standards. These standards apply equally to information about Sanofi, its employees, its patients, and its business partners. Any person sharing confidential information without permission will face disciplinary action.
  • We create a secure space with a high level of trust, with an Information Technology and Solutions Usage policy that states the rules that each user must adhere to when using Sanofi systems.
  • We prevent security events through specific procedures as well as physical, logical, organizational, and technical measures and dedicated programs to address insider-risk and external threats.
  • We actively detect and manage security and privacy events such as cyberattacks, personal data breaches and data subject rights requests, ensuring relevant parties are informed and supported.
  • We ensure each project involving personal data applies privacy-by-design and transparency principles through a step-by-step compliance roadmap.
  • We conduct due diligence and active monitoring to help ensure Sanofi only works with reliable business partners when transferring personal data inside or outside the company while ensuring that adequate contractual measures are implemented to safeguard all transfers.

  • We appoint a network of privacy officers and champions across Sanofi to provide practical expertise and support where and when it matters and to coordinate with our stakeholders.
  • We increase general awareness through education and communication to reinforce our culture of privacy and information protection, making us more resilient to security threats.