CYBERSECURITY EXPLAINING THE IMPACT With the continued digitization in recent years, cybersecurityhasbecomeamajorissueforbothbusinesses as well as the public. Digitization is a prerequisite for sustained growth in our industry, and cybersecurity plays an important role in terms of legal compliance as well as our company's image and reputation. The development of our business cannot continue without meeting the minimum conditions of technological modernization and ensuring the protection of the data we manage. The protection and security of personal data is a strategic direction assumed at management level, materialized by specific policies in this regard. These policies underpin our activities to comply with legal requirements and allow us to allocate resources for the proper monitoring and management of this aspect. HOW WE CONTROL THE IMPACT We take every necessary step to ensure the protection of personal data and to prevent and combat cyberattacks. We use state-of-the-art IT systems and attach great importance to cybersecurity for both internal and external stakeholders. Within our company we use dedicated and globally renowned IT systems. We constantly implement dedicated systems to ensure the highest degree of protection against cyber-attacks, such as firewalls, antivirus and IT protection software. These systems are used both proactively to continuously monitor data transfer flows and reactively to minimize the impact of potential cybersecurity risks. We document, verify and process any requests from clients or supervisory authorities in relation to data protection. The team responsible for cybersecurity management is responsible for ensuring that personal data is processed in accordance with applicable rules. OUR IMPACT AND PERFORMANCE IN FIGURES Since the entry into force of the GDPR Regulation in 2018, the importance of proper monitoring compliance in the processing of personal data under the GDPR and local legislation has become essential at both local and group level. Accordingly, relevant issues in this context are being addressed using a multimodal approach, both locally through the Compliance and Information Security team as well as through the IT Governance, GDPR and the Group DPO, with prompt intervention procedures in place on each of the operational levels of assessment and audit. The effectiveness of proactive measures to avoid potential risks of GDPR incidents is important within the company and is carried out at all levels and with all company employees. As a priority, we focus on ensuring the flawless application of existing prevention methodologies at the level of operational departments that carry potential GDPR risks. SUSTAINABILITY REPORT PENNY ROMANIA 2022 84/250 SUSTAINABILITY STRATEGY ABOUT US AND OUR VALUE CHAIN THE FUTURE IS MADE TODAY SUSTAINABILITY HIGHLIGHTS MESSAGE FROM THE GENERAL DIRECTORS CONTENTS SUSTAINABILITY STEP BY STEP
RkJQdWJsaXNoZXIy MTk3NjE0OQ==