CYBERSECURITY EXPLANATION OF THE IMPACT Digitalization has become a primary condition in many industries, and in the retail industry it is necessary to effectively manage operational processes (such as procurement and inventory management), business data and personal data management, resource consumption monitoring, and the management of internal and external reporting processes. All these processes are necessary for the optimal functioning of our organization and to improve the efficiency of certain processes. In addition to this, failure to comply with legal and European provisions can result in serious damage to the company's image and large fines in case of a violation. HOW WE CONTROL THE IMPACT We use cutting-edge IT systems, integrated at Group level and we attach great importance to cybersecurity, both for internal and external stakeholders. We make every effort to ensure the protection of personal data and to prevent and combat cyberattacks. The companies of the REWE Group associate the subject of data protection with the responsible processing of personal data. Thus, we consider it a priority to comply with the principles of data protection, from the lawful processing of personal data to the processing of data appropriate to the purpose and ensuring their adequate security. The relevant aspects for cybersecurity are addressed multimodally, both locally through the Compliance and Information Security team, and through the IT Governance department, GDPR and the Group DPO, with prompt intervention procedures in place on each of the operational levels of assessment and audit. OUR IMPACT AND PERFORMANCE IN FIGURES We closely monitor incidents and risk situations regarding data breaches. Even in this reporting year, we did not register significant incidents about cybersecurity at the level of PENNY Romania. Thus, there were no incidents of substantial leaks of personal data and there were no well-founded complaints from external stakeholders. Further, all employees who have access to or are exposed to the activity with personal data go through training sessions dedicated to the GDPR theme, through which they obtain the necessary information to fulfill their obligations in the field. SUSTAINABILITY REPORT PENNY ROMANIA 2023 100/256 MESSAGE FROM THE GENERAL DIRECTORS SUSTAINABILITY STRATEGY AND GOVERNANCE ABOUT US AND OUR VALUE CHAIN ABOUT THE REPORT THE FUTURE IS MADE TODAY SUSTAINABILITY MILESTONES CONTENTS
RkJQdWJsaXNoZXIy MjUyMDg2Nw==