Monitoring and evaluating the effectiveness of our approach

Our incident response maturity is internally monitored by appropriate KPIs, which serve as guiding tools and early indicators of potential weaknesses for the group’s Security, Trust, and Safety Team.

On a broader level, we regularly evaluate the progress and effectiveness of our data protection measures, policies, and frameworks through internal data protection maturity assessments. In 2024, we conducted assessments for 15 platforms, providing valuable insights into the risks and maturity levels of our processes. These evaluations help us maintain compliance with statutory, legal, and internal requirements while incorporating developments in the digital landscape and safeguarding the personal rights of data subjects. The results are shared with the respective business units to drive targeted improvements throughout 2025, with progress to be reviewed in the next maturity assessment. Key focus areas identified include data retention and deletion practices, the management of third-party data processors, and completion rates for employee privacy training.