We are trusted by our customers, colleagues, and clients to store, manage and process data safely. This is a responsibility we take very seriously. We regard data protection as a fundamental human right and it is important to us that the data with which we are entrusted is handled respectfully and compliantly.

    As part of this, the risk of cyber attacks impacting business operations is increasingly material, due to the ongoing increase in the volume and complexity of external threats. We continue to take proactive steps to manage and enhance cyber security and controls, making significant investment in the year, including growing our team of experts to 30. Cyber security at Lowell is overseen at Board level by the Group Chief Finance Officer, who has a relevant IT background, and by a member of the Executive Management team who oversees our cyber security strategy.

    When it comes to data protection, each region has appointed Data Protection Officers and has a dedicated Information Risk team responsible for ensuring the business meets its data protection obligations. Each team is headed up by a qualified lawyer specialising in data protection law who reports to the regional Chief Risk Officer as part of the second line of defence in our governance model. 

    In 2022, we redesigned our mandatory training package and launched new modules for data protection and information security, as well as developing additional targeted training for specialist roles. More information can be found on our Governance webpage and a copy of our UK Privacy Promise and our nine commitments on how we manage personal data is available on www.lowell.co.uk.

    These efforts form part of our Sustainability ambition to be a ‘Responsible Business’ and our commitment to uphold the highest standards of good governance, including how we protect data and keep information secure.