Policies, Codes and Standards

GSK Code of Conduct

Anti-Bribery & Corruption (ABAC) Programme

The Anti-Bribery and Corruption (ABAC) Programme is part of GSK’s response to the threat and risk of bribery and corruption.  The programme includes the ABAC Handbook, which has been designed to assist internal and external parties understand corruption risk and identify people’s responsibilities to actively combat both real and perceived corruption.

GSK Public Policy Statement on Working with Third Parties​

The Public Policy statement clearly sets out what we expect of our third parties including suppliers, distributors, equity stake holdings and other business partners (known collectively as "Third Parties").​

Our expectations of our third parties are for them to:

• Share our commitment to high ethical standards
• Comply with all applicable laws and regulations and adopt, at a minimum, GSK's Anti-Bribery & Corruption and Labour Rights Principles
• Where relevant, comply with our standards on quality, patient safety, health and safety and the environment
• Create a culture which supports staff reporting of suspected violations of law, rules and regulations, as well as of unethical conduct, without fear of reprisal or retaliation.

Speak Up

Concerns about the behaviour of GSK employees or our suppliers can be raised by clicking the link below.

• Speak Up

Remediation and Reporting of Personal Data Breach

GSK required to report any Personal Data Breach where there is a risk to the rights and freedoms of the Data Subject.

1.     Where the Personal Data Breach results in a high risk to the Data Subject, he/she also has to be notified 72 hours from the time of the breach or as soon as possible unless subsequent steps have been taken to ensure that the risk is unlikely to materialise, security measures were applied to render the Personal Data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the Data Subject directly. In the latter circumstances, a public communication must be made, or an equally effective alternative measure must be adopted to inform Data Subjects, so that they themselves can take any remedial action.

2.     GSK have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or the relevant regulator where GSK are legally required to do so. All suspected breach of Personal Data should be remedied with 1 (one) month from the date of the report of the breach.

3.     If you know or suspect that a Personal Data Breach has occurred, you should immediately contact the Data Protection Officer – Frederick.e.ichekwai@gsk.com GSK will retain all evidence relating to Personal Data Breaches in particular to enable GSK to maintain a record of such breaches, as required by the Data Protection Laws.

4.     Records of Personal Data Breaches must be kept by each employee or member of staff who observes or has reason to believe that a Data Breach has occurred. The record must set out

• the facts surrounding the breach;
• its effects; and
• the remedial action taken

5.     GSK will not be responsible for any Personal Data breach which occurs as a result of:

• an event which is beyond the control of GSK;
• an act or threats of terrorism;
• the remedial action taken
• an act of God (such as, but not limited to fires, explosions, earthquakes, drought, tidal waves and floods) which compromises GSK’s data protection measures;
• war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilisation, requisition, or embargo; and
• rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises GSK’s data protection measures;
• the transfer of your personal data to a third party on your instructions; and
• the use of your personal data by a third party designated by you.