Protecting privacy and information security Data privacy and information security are top business contractors to comply with all applicable privacy regulations Information Officer (CIO). Together, they are responsible for priorities for GXO. and we regularly monitor their compliance. network security, engineering processes and continuous As a company with a focus on technology, automation and We track our performance in this regard through monitoring improvement across information security domains in support innovation, we recognize that our ability to secure systems and and auditing our procedures for the management of personal of GXO’s business strategies and priorities. The team data is paramount to our ability to deliver for our customers data, the logging of any data security incidents (whether or partners with leaders from across our global regions and and employees. GXO rigorously protects our confidential and not they involve personal data), working with our country-level provides reports to the Board of Directors. proprietary information from unauthorized use or disclosure. coordinators to understand any country-specific differences Our information security leader serves on GXO’s Global This includes information about the company’s strategies and and issues and logging subject access requests (the exercise Risk Committee (GRC), which monitors and addresses the operations, business plans, employees, customers, suppliers, by data subjects of their rights under applicable privacy laws). company’s most significant global risks. To support the financial status, trade secrets or any other information Working across all levels of the organization, from the Board to identification and management of information security unavailable to the public. leadership and other employees, GXO is focused on meeting risks, the CISO meets monthly with broader information Our data privacy and protection approach is guided by our our information security obligations while integrating best technology leadership, including the CIO and executives own Data Protection Policy as well as the EU Data Retention practices into the way we do business. As we further our use of from the infrastructure team. The information security team Policy and the General Data Protection Regulation (GDPR) automation and expand our global footprint, we will continue also participates in the monthly executive operating review Privacy Policy. A cross-functional GXO Privacy Team works to improve our information security systems and processes to and reports regularly to the Audit Committee. with country-level coordinators to identify requirements, set keep pace with these changes and new system demands. policies and organize regular communication and training for Our global information security team is led by our Chief employees on privacy issues. GXO also requires suppliers and Information Security Officer (CISO), who reports to our Chief 76 | 2021 ESG Report ©2022 GXO Logisitcs, Inc. HOME E S G