Page 16 - RAFI_ESG_20230919_eng
16 GOVERNANCE
tions at each company location. To assess the completeness and effectiveness of the local compliance organization and to derive appropriate measures for improvement, we introduced annual risk assessments in each RAFI Group site in 2021. The implemented measures and their final evaluation have demonstrated the comprehensive effectiveness of the compliance structures throughout the Group.

[GRI 102-30, -34] RAFI is audited in the form of an external legal audit every two years. Major customers also audit us at irregular intervals. The consistently positive results of these audits confirm the effectiveness of our compliance management.

[GRI 102-33, 205-2, 206] In addition to legal compliance, prevention is another key compliance task. To raise awareness in the workforce, we conduct appropriate mandatory training courses on our in-house e-learning platform, including basic compliance training and courses on topics such as antitrust and competition law, anti-corruption, and our whistleblower guideline (see 5.2.6).

2.1.5 Data privacy and information security

[GRI 418] Only companies that handle their business and customer data in a trustworthy and responsible manner can be considered attractive employers and reliable business partners over the long term. RAFI has therefore taken a variety of actions to protect the data of employees, customers, and suppliers in recent years, and there were no reportable incidents in reporting year 2022. In 2021, our company headquarters gained ISO 27001 certification. This was followed in 2022 by the certification of RAFI Eltec.

The actions in detail:
• Rollout of the EU General Data Protection Regulation (GDPR) for all EU locations of the RAFI Group
• Targeted training of data protection coordinators on how to advise employees
• Appointment of an external data protection officer
• DIN ISO 27001 certification of RAFI Eltec GmbH in 2022
• ISO 27001 certification of the company headquarters in Berg in 2021
• Rollout of an information security management system (ISMS)
• Annual data protection report provided to the management team by the data protection officer
• Annual information security report provided to the management team by the ISMS officer
• Basic training on data privacy and data security provided to all employees on a regular basis on the company’s in-house e-learning platform
• Intensive training on data protection and data security provided to selected departments on a regular basis

2.1.6 Outlook and objectives

By intensifying the integration and strategic alignment of the entire Group, we are strengthening our future-proof positioning within the market. As from 2024, RAFI will be subject to the German law on corporate obligations to prevent human rights viola-