Groupe Renault - 2019 Universal Registration Document

02

ETHICS AND GOVERNANCE RENAULT: A RESPONSIBLE COMPANY

Cybersecurity and data protection 2.5.4

Cybersecurity 2.5.4.1 To manage risks and protect its data, Groupe Renault has set up an organization/governance and operational measures in matters of cybersecurity. (The details of these measures are shown in chapter 1.6.1.3 – Risks related to cross-group functions). 2.5.4.2 Compliance with personal data protection rules opens up a golden opportunity to strengthen trust between Renault s.a.s. and its stakeholders (shareholders, customers, suppliers and employees). Trust is a value in which Renault s.a.s. believes particularly strongly, and personal data protection is one of the main ethical bases for our actions. Given this commitment, in 2011, Renault designated a data-protection correspondent with an extended scope to the French data protection authority (CNIL). Subsequently, the Group implemented legal, technical and organizational measures to ensure compliance with French data protection law no. 78–17 dated January 6, 1978. More recently, in May 2018, Renault appointed a Data Protection Officer (DPO) in order to comply with the General Data Protection Regulation (GDPR). Since June 2019, this has been a full-time role performed by a dedicated expert. Data protection

The Data Protection Officer relies on a network of GDPR officers (known as Privacy Ambassadors) in each department, who are responsible for managing the compliance of personal data processing within their own scopes. A legal team dedicated to the protection of personal data has also been created, together with multi-disciplinary working groups bringing together all of Renault’s functional departments. Given the prospect of its digital transformation, developments to its connectivity and data-related activities (mobility services, connected vehicles and autonomous vehicles) in order to comply with the general data protection regulation (GDPR), Groupe Renault launched a program to ensure the implementation of an organization, governance, processes and tools intended to protect the personal data of its employees and its customers/users. Renault is also involved in working groups led by the Comité des Constructeurs Français d’Automobiles (CCFA) and by the European Automobile Manufacturer’s Association, on the specific topic of connected services. Groupe Renault takes all necessary precautions in order to ensure that personal data is processed safely an in line with regulations.

230 GROUPE RENAULT I UNIVERSAL REGISTRATION DOCUMENT 2019

Find out more at www.groupe.renault.com