GN has implemented several policies, actions, and targets for managing product safety and data privacy related risks. As data privacy and product safety are strictly regulated by international and local laws, targets are mainly determined based on these regulations. Given the compliance-based nature of IROs, GN has not directly engaged with consumers and end-users when setting targets, tracking performance, or when identifying lessons learnt.

Regular management review meetings ensure that the target and KPIs are continually aligned with regulatory requirements and industry best practices. Vigilance processes are aligned with national and international regulatory requirements, where specific deadlines dictate the timeline for reporting incidents. We employ a trigger-based monitoring approach for CAPA (Corrective and Preventive Actions), where certain thresholds (e.g., exceeding specific KPI limits) automatically initiate a root cause analysis.