52 PRT GROUP /SUSTAINABILITY REPORT 2021 The assessment is based on international standards such as GRI (Global Reporting Index), the ISO 26000 and the principles of UNGC (United Global Compact). Following the change in evaluation standards compared to previous years, EcoVadis rated the company with a BRONZE score for Corporate Social Responsibility (CSR Rating). PRT intends to obtain a better score through policies aimed at improving environmental practices and sustainable purchasing. 3.3. Privacy and Cybersecurity Privacy and Cybersecurity are two crucial issues in the development of PRT Group’s policy, as the company operates in a sector where data protection is fundamental. The ongoing advancement of technology and the evolution of norms oblige companies to be constantly updated in order to keep a high level of cybersecurity. 3.3.1. Privacy protection In 2016, the EU Regulation GDPR no. 2016/679 entered into force, and it changed the rules on processing personal data. The GDPR put the principle of accountability at the core. According to this, companies must adopt – or demonstrate having implemented – technical measures and organizational models aimed at ensuring that data processing respect the abovementioned Regulation. Therefore, the protection of personal data must be integrated within corporate processes; also, specific actions must be envisaged in order to monitor and manage possible accidents. PRT Group has therefore implemented a Cybersecurity Policy. It is a document aimed at indicating how to protect information resources from all threats – being them organizational, technological, internal or external, accidental or intentional – in order to guarantee confidentiality, integrity and the compliance with the current norms. Moreover, the Management procedure for cybersecurity accidents was introduced; it contains detailed information on actions to be taken in case of security accidents, both from a technical and legal point of view, by reporting to competent authorities. There are two people in charge within the company: one IT Systems Manager, and one IT systems security Manager. Moreover, PRT Group appointed a Data Protection Officer (DPO), who is to watch the management of personal data processing and their consequent protection within the company in compliance with the GDPR Regulation.
RkJQdWJsaXNoZXIy NDUyNTU=