NEOPOST - 2018 Registration document

4

Risk factors and internal control

Risk factors

Legal risks

Risks

Risk management system

Lower risks New regulations

As of today, the Group is not aware of any governmental, legal or arbitral proceedings likely to have a material impact, or which had over the past 12 months a material impact on the Group’s financial position or profits.

The Group legal councel department and its local delegates follow the evolution of regulations. Group projets are launched to adapt the Group's processes to new regulations such as Sapin II law and GDPR (1) .

Intellectual property

The Group is the owner of its trademarks and has about 340 families of patents published. Neopost registered 9 patents in 2018. The geographical coverage of these patents is essentially European and American.

Neopost is not dependent on any single patent which might bring the Group’s level of business or profitability into question.

Technologic risks

Risks

Risk management system

Higher risks Data protection

Neopost decentralized organization and growth by acquisitions lead to great diversity in terms of data base.

The Group information security officer reports to the Group IT director and is in charge of the definition and application of Group security policies. In terms of security, postal audits were conducted successfully in all countries concerned in 2018, and continuous improvement plans are designed to meet postal requirements every year. The Group security policy has been updated. Based on the ISO 27001 standard, the policy started to be rolled-out early 2017, particularly in markets that commercialize SaaS offerings. Requirements relating to the GDPR (1) ruling has also been addressed in these planned roll-outs to ensure compliance as of May 2018. The main responsibility of the head of Information Systems is to ensure that the Group’s information system strategy is coordinated and consistent, and that Group policy is applied at local level. The Group head of information systems leads a network of subsidiary information system managers who also report to the Chairpersons of their respective subsidiaries. This new organization steps up the contribution made by IT resources to innovation as well as facilitating the integration of new SaaS products.

Lower risks Information systems

Neopost decentralized organization and growth by acquistions lead to great diversity in terms of information systems.

General Data Protection Regulation (1)

70

REGISTRATION DOCUMENT 2018 / NEOPOST