PENSKE AUTOMOTIVE / 2021 ESG REPORT 26 • Compensation Committee: The Compensation Committee reviews and approves the compensation of each of the company’s executive officers. Additionally, the Committee approves corporate goals and objectives tied to compensation and benefit plans and manages our succession planning. • Nominating and Corporate Governance Committee: The Nominating and Corporate Governance Committee reviews the size, responsibilities and composition of the Board and evaluates new Board candidates as needed. Additionally, the Committee is responsible for the development and implementation of the corporate governance guidelines and Code of Business Conduct and Ethics and oversees our compliance with legal and regulatory requirements and ESG practices and reporting. • Executive Committee: The Executive Committee’s purpose is to be available to act upon matters when the Board is not in session. This Committee did not meet in 2020. A key function of our Board is informed oversight of our risk management process, which risks include, among others, strategic, financial, business and operational, legal and regulatory compliance, and reputational risks. The Board has delegated oversight of our ESG practices and reporting to the independent Nominating and Corporate Governance Committee. MAINTAINING HIGH STANDARDS Our commitment to conducting business with honesty and integrity is captured in our Code of Business Conduct and Ethics . The Code, which includes procedures to report ethical concerns, serves as a source of guiding principles and applies to our entire global workforce, including our Board and executive team. Data Privacy We make it a priority in all areas of our business to respect the privacy of our stakeholders. Our team members are required to protect sensitive personal information from inappropriate or unauthorized use or disclosure. We have also implemented fair and responsible privacy and information protection procedures and data breach response plans that comply with applicable laws. In addition, we are committed to enabling our team members and customers to exercise full rights to their data. In the U.K., we fully comply with the General Data Protection Regime (GDPR) which gives team members and customers the right to see, and in some cases, delete their data. We also fully comply with Adherence to sound principles of corporate governance through a system of checks, balances, and personal accountability is vital to protecting Penske Automotive’s reputation, assets, investor confidence, and customer loyalty.