Exact takes information security, including personal data-related security, very seriously. We have established dedicated operational processes to manage it, appointed dedicated security staff and installed an internal reporting mechanism to facilitate proper decision-making in case an incident occurs.
We are strongly committed to complying with all relevant legislation, including the Dutch Data Protection Act. A key mechanism in managing information security is our Compliance Committee, in which we discuss any security incidents that have been detected and analyzed by our Corporate Information Security Officer. The Compliance Committee consists of the heads of Legal Affairs, Global HR and Risk & Internal Audit and is chaired by the CFO. When needed, this committee can and will act immediately.
We believe that transparency on the quality of service we deliver is essential. This is why we voluntarily publish important security incidents we have encountered. In our view, security incidents can always happen; what matters is how often they occur and how we deal with them.
This section lists the three most recent security incidents discussed in the Compliance Committee; these are incidents we assessed as being important, or incidents we did not yet know how to classify since we had never encountered them before. The incidents have been anonymized, but they provide insight into the types and severity of incidents that occur, as well as the actions taken. This section shows how seriously we take security and data privacy and is proof of our effort to be exemplary in this field.