GN has implemented several policies, actions, and targets for managing product safety and data privacy related risks. As data privacy and product safety are strictly regulated by international and local laws, targets are mainly determined based on these regulations. Given the compliance-based nature of IROs, GN has not directly engaged with consumers and end-users when setting targets, tracking performance, or when identifying lessons learnt.

To address the material risk related to data privacy, our Data Privacy Code of Conduct and Data Privacy Policy are created to ensure that all GN employees have the knowledge to mitigate risks and to ensure that GN complies with relevant data protection regulations as the General Data Protection Regulation (GDPR). Our Data Privacy Code of Conduct guides how all employees process and protect the consumer and end-user data that GN handles. The Data Privacy Policy also describes processes for collecting, processing, and protecting consumer and end-user data and applies to all employees in GN.

A key ongoing initiative to ensure compliance with our Data Privacy Policy and GDPR regulation is a GDPR risk assessment. As part of this, questionnaires are sent to business process owners via our compliance application. The aim with the initiative is to assess data privacy risks across all business processes including alignment with the EU AI Act, where AI systems and models are used in connection with personal data.

Another ongoing initiative to contribute to compliance with our Data Privacy Policy and work procedures is 'zero trust technologies'. It assumes that individuals, devices, and services that are attempting to access company resources, even if inside the network, cannot automatically be trusted. The initiative has resulted in significantly reducing any intruders’ ability to breach GN systems and data.