www.se.com Schneider Electric 16 2021 Trust Report 6.4 Training and awareness Online training on cybersecurity is mandatory for all employees. This training helps employees to understand what cyber threats they may face and how they should behave to be protected from the risks. At the end of 2021, 99% of Schneider Electric employees have completed this training. Specific employee categories received mandatory training for risks linked to their activity. Schneider Electric implemented the General Data Protection Regulation (GDPR) requirements and specific training was launched to present the major challenges of this regulation. This training is mandatory for Schneider Electric employees in Europe and key functions. 6.5 Data privacy and protection Schneider Electric believes that the global implementation of a digital strategy must reconcile economic objectives and respect for fundamental human rights, including the right to protection of personal data and privacy. Schneider Electric establishes an organization, work streams, policies, procedures, and controls required by the obligations stemming from GDPR and data privacy and protection regulations, including: • Internal data privacy policy and Binding Corporate Rules (BCR). • Training and awareness campaigns. • Processing registers. • Online privacy policy and privacy notices. • Digital assets privacy assessment process. • Data breach management and notification process. • Maturity assessment and audit controls. Schneider Electric has put in place a governance ecosystem including a Group Data Protection Officer, a DPO network, an implementation team, Data Privacy & Protection Champions and Steercos. In 2021, Schneider Electric has strengthened its processes for data breach management, including specific training. It has deployed several awareness programs including on International Data Protection Day and on events management. Schneider Electric has also been rolling out its Global Data Privacy & Protection compliance approach beyond GDPR in China, the USA, and India and in globalizing its standards. A new data protection addendum has been deployed, including the new Standard Contractual Clauses of the European Commission. 7 Human rights 7.1 Risks and opportunities Human rights, which have been a main priority of the Group for a long time, have been growing in terms of risk exposure, due to the increase of legal enforcement, geopolitical influence, and new challenges raised by social, economic, and digital disruptions such as forced labor, living wages, or migrant workers. Schneider Electric has consistently focused on human rights and has the ambition to remain an exemplary company on this subject. Schneider Electric’s review of risks and opportunities related to human rights covers fundamental human rights, decent working conditions and equal opportunities. Fundamental human rights • Respect and dignity: healthy and respectful relations at work between individuals and teams, and towards communities. • No Child labor: defined by the International Labour Organization (ILO) as work that deprives children of their childhood, their potential, and their dignity, and that is harmful to their physical and mental development. • No Forced labor: defined by the ILO as all works or services for which a person has not offered themselves voluntarily or willingly. • Freedom of association: the right for workers to join professional organizations that can defend their interests. Decent working conditions • Health and safety: potential incidents of various degrees of severity related to workplace conditions. • Security at work: physical or verbal violence that may originate from internal or external threats. • Working time and leave: ensuring employees work on a schedule that respects legal time frames, rest periods, and leave provisions, and are given the opportunity to balance personal and professional time. • Wages and benefits: paying employees a compensation that is fair in view of their profile, skills, and qualifications. • Harassment: continuous solicitation with the intention of exhausting a person or forcing that person into unwanted behavior. • Data privacy: securing the data that individuals are placing into the Company’s hands so that their privacy and freedom remain safe and protected. Equal opportunities • Discrimination: creating a situation of inequality based on an employee’s personal characteristic, at work or when hiring. • Diversity and inclusion: risk of introducing several biases that would result in an unbalanced representation of the society inside the Company, and the exclusion of some groups or communities from the Company. • Development of competencies: giving employees the opportunity to learn, maintain, and develop their skills and abilities.