We aim to comply with national and European laws and regulations regarding our industry. Our risk management policy states that we are averse to the risk of non-compliance with relevant laws or regulations, and to non-compliance with our own codes, contractual agreements, and covenants.

In 2018 we initiated a Compliance Programme to analyse our risks and to improve our risk management mechanisms throughout the organisation.

We mapped our compliance areas in a risk matrix and defined improvement actions related to our high priority compliance areas. We defined GDPR (EU General Data Protection Regulation), PCI DSS (Payment Card Industry Data Security Standard), ethics and integrity as high priority areas.

Figure 30 Map of compliance areas


Our GDPR team, consisting of Q-Park country and corporate privacy officers with external support, had the necessary procedures in place in all Q-Park countries in time for 25 May 2018, the date GDPR came into force.

Although GDPR has transitioned from a project to the operational phase, this area requires ongoing attention to ensure compliance with:

  • data retention periods and clean systems

  • data processor agreements at corporate and country level

In addition, we will continue our awareness and training programme regarding information security policies and guidelines.


PCI DSS is the worldwide Payment Card Industry Data Security Standard that was set up to help businesses process card payments securely and reduce card fraud. Compliance with the standard is required from all organisations that handle branded credit cards from Visa, Mastercard and AMEX. PCI DSS is intended to protect sensitive cardholder data. Validation of compliance is performed annually.

Figure 31 PCI DSS compliant

Organisations that store and process credit card information must comply with PCI DSS guidelines, regardless of the size of the organisation and regardless of the number of transactions. The guidelines are widely set up and include detailed measures at both business and ICT levels. Policies, procedures and technical measures are all part of the package.

PCI DSS distinguishes between transactions (expressed in levels). The greater the number of transactions an organisation processes annually, the higher the level and the stricter the measures. These may vary from fines per incident to termination of the contract.

As cashless payments at parking facilities continue to increase, Q-Park relies considerably on card transactions. Compliance to these standards are therefore critical to our operations.

Ethics and integrity

As a provider of high-calibre parking services, Q-Park considers compliance to high ethical and integrity standards very important.

In 2018, the Compliance Programme team prepared an ethics and integrity project plan which includes a statement of the project objectives, approach and deliverables - including the Q-Park Integrity Policy. In the coming year the team will continue its work, culminating in a training and awareness programme to raise awareness of the importance of this compliance area and to make improvement actions sustainable.


  • We developed a strategic Compliance Programme to analyse our risks and to improve our risk management mechanisms throughout the organisation.

  • For GDPR, all necessary procedures in place in all Q-Park countries in time for 25 May 2018.

  • Validation of compliance with PCI DSS.

  • Q-Park Integrity Policy developed and published.

Employee training

We value our employees and want them to be confident about the various elements of their work. To assist this, we aim to give our employees regular training and professional development opportunities.

In our materiality analysis, we found that anti-corruption was seen as material by our stakeholders. This year, there were no confirmed incidents of corruption. However, we will keep measuring this and include an anti-corruption training in the general training package for employees.


Across all countries, including head office in the Netherlands, employees in managerial and non-managerial positions receive an average of 17.2 hours training each year.

Chart 12 Employee average training hours

Health & Safety

Our aim is to increase our employees' engagement as well as contribute to their health and safety.

Q-Park has 2,378 employees (2,146 FTEs). The majority of these people work in or near our parking facilities as Parking Hosts. Our social relevance for operational employees is considerable. Together with the retail and cleaning sectors, we are committed to helping people who like to take a practical approach. We are a binding factor; we offer varied work and a certain status, so all colleagues feel appreciated.

Q-Park promotes the health and safety of customers and employees. We achieve this mainly by training our employees and equipping them for their work, and by creating a safe and healthy working environment. We also offer our employees the opportunity to learn lifesaving skills so that they can help someone both at home and at work.

Every year, we receive millions of visitors in our parking facilities at all hours of the day. Unfortunately, it is inevitable that our employees will encounter aggressive or inappropriate behaviour. We offer Parking Hosts conflict management training so they can learn to deal with such situations.

Figure 30 Active mobility teams



  • Training to learn how to use an AED, a skill most appreciated around family and friends

  • Active mobility teams who can be dispatched by QCR at a moment's notice

  • Climate control and over pressure in the Parking Hosts' lodge to limit car fumes in work area


  • Less cash in our parking facilities, we proactively encourage cashless payments

  • Conflict management training to learn how to deal with aggression

  • CCTV monitoring and footage is available