To mitigate personal data risks, we have appointed a Chief Information Security Officer, adopted the NIST cybersecurity maturity standard and established a dedicated IT, Data and Technology Risk Forum under the GRMC. We provide training and engage experts to conduct penetration testing. Our operating companies have cyber incident response plans. Please see our 2021 Annual Report for details of our risk governance structure.
During 2021, there were no convictions for non-compliance with laws and regulations relating to customer privacy that would have a significant impact on the Group.