25 2021 DECLARAT ION OF NON-F INANCIAL PERFORMANCE DESCOURS & CABAUD 50% 50% 60% 60% 70% 70% 80% 80% 90% 90% 100% 100% 110% 110% 2019 2019 2020 2020 2021 2021 100% 99% 100% 98% 98% 96% Target 100% Target 100% % of requests to exercise rights processed within due time limits % of compliance on the part of European subsidiaries (Companies acquired more than six months ago) The General Data Protect ion Regulat ion (GDPR) The risks of non-compliance with the General Data Protection Regulation (GDPR) include administrative or financial penalties (up to €20 million or 4% of Group turnover), as well as a deterioration in brand image that could lead to a loss of trust that is detrimental to our business. In terms of GDPR, we aim to process 100% of individuals’ requests regarding rights within the time limit and to achieve 100% compliance within six months of an acquisition. Within the Group, one person has been appointed as the Data Protection Officer (DPO). Their role is to monitor the continued compliance with the GDPR for all new projects and acquisitions in Europe. In the event of an acquisition, the subsidiary is monitored and, if necessary, supported in order to maintain or implement compliance with the GDPR. The two companies acquired in 2021 have been subject to this process. RISKS AND CONSEQUENCES MEANS OF CONTROL KEY PERFORMANCE INDICATORS