ÖBB Annual Report 2023

Group Management Report 172 Österreichische Bundesbahnen-Holding Aktiengesellschaft Consolidated Financial Statements | Group Management Report 127 Other significant measures Diversity and equal opportunities (excerpt) The ÖBB run | Participation in the ASICS Austrian Women’s Run. Sexual orientation | Organisation of first network meetings by QBB in the regions. Cooperation with the Austrian Integration Fund (ÖIF) | ÖBB is cooperating with the Austrian Integration Fund as part of the “Compass – Career paths for immigrant women 100 women, 100 opportunities” project to familiarise immigrant women with career paths and job opportunities. “Being Pride" | 2023, the rainbow month was celebrated in full at ÖBB. Female Power Walk on International Women’s Day | Action on International Women’s Day 2023 for more equality. SHE goes DIGITAL | The project invites girls, women returning to work and women aged 50+ to discover the opportunities offered by digitalisation. G.12. Compliance | Transparency | Data Protection | Human Rights ÖBB is one of the largest companies in Austria and is publicly owned. This results in a special responsibility in the areas of compliance / transparency, data protection and human rights. The Group Compliance department has been centrally installed at ÖBB-Holding AG to ensure consistent and uniform prevention of economic crime and corruption in particular. Similarly, the topic of “data protection” is centrally located in the Group Law department at ÖBB-Holding AG. Key figures at a glance 2023 2022 Number of employees who have completed the training “EU General Data Protection Regulation 2018” and comparable e-learnings 4,379 2,767 Number of employees who have completed the “EU General Data Protection Regulation 2018” training course 1,601 2,037 Data protection in practice for managers (NEW 2021) 102 9 Data protection in practice for employees (NEW 2021) 2,676 721 Reports based on data breach notification duty (ÖBB Group) GRI 418-1 3 3 Completion rate of the e-learning compliance, which is made available to employees with IT access and is also established in the onboarding process, among other areas, in per cent >90% >90% Data Protection A public company such as ÖBB attaches great importance to acting responsibly and preventively. The absolute confidentiality of information must be ensured, especially for business partners, employees and customers. ÖBB employees and managers need effective and adequate support in complying with data protection in this respect. For this reason, the ÖBB-Group has set up a comprehensive data protection management system (DSMS). The system is based on a multi-level structure consisting of the data protection policy document, the corporate directive on data protection, data protection documentation and a data protection manual. The DSMS is also geared towards a continuous improvement process in line with the international standards ISO 9001 and ISO / IEC 27001. This is done in accordance with the basic idea of the Plan-Do-Check-Act model (PDCA - Plan, Do, Check, Act). In each ÖBB-Group company, a data protection officer is entrusted with monitoring compliance with legal and internal regulations. They advise both management and employees on all data protection issues. Mandatory training sessions are held to familiarise employees with the basics and new developments in data protection. In addition, data protection audits are performed to subject the existing system to regular review. GRI 2-26 Highlights Data Protection 2023 Approx. 120 employees were informed, sensitised and kept up to date on the topic of data protection during eleven half- day and two-hour training sessions, most of which were held in person. | MR127