Focus on consulting and audit
Issues resulting from the GDPR continued to be an important focus in data protection advice in the year under review. In addition to monitoring Federal agencies and courts, the further development of instruments introduced by the GDPR, such as joint control, also played a central role.
Another focus was consulting on transformation and digitalization, both in terms of theory and applications. For example, topical subjects such as the use of artificial intelligence (AI) played a role, as were specialist data protection issues that arose, such as in the case of the wifi@DB project. The implementation of various rulings from the European Court of Justice (ECJ) regarding online marketing and the use of social media to target applicants and customers raised numerous questions.
Regarding employee data protection, procedures that required data subjects to be notified of data processing were dealt with in the data committees within the individual DB Group companies, and Group-related topics were dealt with in the Group data committee. In addition, the Group Data Protection function closely coordinated with the relevant data protection supervisory authorities on several procedures.
Another focus was on the ongoing project for the Data Protection Management System (DPMS). This involves improving knowledge management in the entire data protection organization and for all data controllers within DB Group, creating more transparency in the area of data protection and implementing the new legal accountability obligations for all personal data processors within DB Group.
In addition, there was extensive work to prepare for the online survey DOM, which was conducted for the fifth time in autumn 2019. DOM provides an overview of the data protection level within DB Group and also serves as a self-assessment tool thanks to a comprehensive range of tutorials.
In addition to the ongoing audit of Group data protection procedures for customers and employees, other highlights in the year under review included auditing the providers and partners of new innovative mobility platforms within DB Group and conducting ongoing assessments of the new central sales system in passenger transport to verify its compliance with data protection legislation