EXPLANATION OF THE IMPACT Digitalization has become a main condition in many industries, and in the retail industry it is necessary to effectively manage operational processes (such as supplies and inventory management), the management of commercial data and personal data, the monitoring of resource consumption, but also the management of internal and external reporting processes. All these processes are necessary for the optimal functioning of our organization and to improve the efficiency of certain processes. In addition to this, non-compliance with legal and European provisions can result in serious damage to the company's image and also large fines in the event of a violation. Cybersecurity HOW WE CONTROL THE IMPACT We use state-of-the-art, integrated information systems at group level and attach great importance to cybersecurity, both for internal and external stakeholders. We make every effort to ensure the protection of personal data and to prevent and combat cyberattacks. The companies of the REWE Group associate the subject of data protection with the responsible processing of personal data. Thus, we consider it a priority to comply with the principles of data protection, from the lawful processing of personal data to the processing of data appropriate to the purpose and ensuring its adequate security. The relevant aspects for cybersecurity are approached multimodally, both locally through the Compliance and Information Security team, and through the IT Governance, GDPR and Group DPO department, with prompt intervention procedures on each of the operational levels of evaluation and audit. OUR IMPACT AND PERFORMANCE IN FIGURES We closely monitor incidents and risk situations in relation to data security breaches. Also in this reporting year, we did not register any significant incidents at the company level on the subject of cybersecurity. Thus, there were no incidents of substantial leaks of personal data and there were no well-founded complaints from external stakeholders. Next, all employees who have access to or are exposed to the activity of working with personal data go through training sessions dedicated to the GDPR theme, through which they obtain the necessary information to fulfill their obligations in the field. MESSAGE FROM THE GENERAL MANAGEMENT SUSTAINABILITY STRATEGY AND GOVERNANCE ABOUT US AND OUR VALUE CHAIN ABOUT THE REPORT THE FUTURE IS MADE TODAY SUSTAINABILITY MILESTONES SUSTAINABILITY REPORT PENNY ROMANIA 2024 102/276
RkJQdWJsaXNoZXIy MjUyMDg2Nw==