Data privacy Governance ESG REPORT 2022-23 ESG is an opportunity Evolving notion of privacy ENVIRONMENT Today, there is a much greater adoption of digital and emerging technologies in everything we do. Approach to sustained DP compliance The tools and technologies that we use at work have brought in a great deal of operational ease SOCIAL and efficiency, making life much simpler. Often, the incentives to use these are so compelling, At Infosys, we constituted the data privacy the time of data collection to both internal that choice is only notional. On the other hand, Data Privacy (DP) regulations around the world function over a decade ago as an independent and external data subjects and the privacy GOVERNANCE are demanding greater accountability from us, to ensure that these are not intrusive when business enabling function reporting to statement for external data subjects is also deployed. Many of these tools, platforms and processes have the propensity to breach privacy if the management and using the globally made available in the public domain. These Performance on governance goals not deployed with due diligence. Hence, at Infosys, the Data Privacy Office (DPO) an independent recognized PIMS (Privacy Information are constantly updated to reflect the changes function, ensures careful balancing before deploying them. Management System) framework. We complied in personal data processing or applicable DP Corporate governance with all applicable data privacy regulations regulations. Data privacy in fiscal 2023 in building applications and Privacy Statement Information management platforms, or while executing client projects, by introducing appropriate privacy safeguards. Infosys does not do behavioral advertising. Our Data Privacy Policy published in the Infosys also does not use personal data for Company intranet, demonstrates our the secondary purposes. Whenever there is a Management's commitment to privacy and change in the purpose, data subjects are applies to the entire operations including notified of the new purpose through privacy service providers. To ensure complete notices. transparency, we provide privacy notices at Infosys - Privacy Statement. CONTEXT IMPROVEMENT INTERESTED PARTIES MEASUREMENT ISSUES AND EXPECTATIONS RISK ASSESSMENT SCOPE AND TREATMENT PIMS OBJECTIVES VISION SOA MISSION RISK AND POLICY OPPORTUNITIES Diagram 1: A robust framework to continuously improve data privacy Infosys | ESG REPORT 2022-23 External Document © 2023 Infosys Limited 60