Targets and management approach
Data protection and data autonomy should be championed as the foun-dation for free, democratic and long-established sovereign societies. In DB Group, we aim to establish exemplary, innovative and sustainable data protection processes and set a high level of data protection as a mark of quality, allowing employees, customers and business partners to associate DB Group with trust, respect, transparency and integrity when it comes to data protection. In doing so, we fulfill data protection regulations, particularly those of the EU General Data Protection Regulation (GDPR) and in-house data protection policies.
In order to suitably implement our targets, we are aiming to meet the overarching target of ensuring that the flow of data, both within DB Group and within offices outside of DB Group, is compliant with data protection regulations. We are working toward achieving this by raising awareness of data protection issues throughout DB Group, in particular by informing and training employees, having a high-quality expertise in consultancy work as well as ongoing measures to raise awareness.
In addition, the data protection level in DB Group is analyzed on an ongoing basis using Data Protection Online Monitoring (DOM). This involves interviewing about 10,000 executives and using their answers to deduce the level of data protection in DB Group and to support specific measures that help optimize data protection among data controllers. Regular data protection audits also ensure a high standard of data protection within DB Group.
We are also committed to innovation and the further development of existing instruments and methods for professional data protection management. Another focal point is the expansion of internal and external networks to improve DB Group’s public image with regard to data protection.
We work toward achieving these objectives through a highly effective data protection organization, comprising central and local units: the Group’s Data Protection team (HP) is centrally located, supporting and advising the Group companies regarding compliance with data protection regulations, especially in regard to data protection issues that are relevant to the Group. There are four departments within HP: employee and customer data protection is managed by Employee and Customer Data Protection I, Administration (HPB), together with Employee and Customer Data Protection II, Training and Data Protection Communication II (HPF), as well as the Technical Data Protection and Audit Department (HPA) and the Data Protection Systems and Audit Department (HPA(S)), each with different areas of responsibility. The National&International Data Protection Management Department (HPM) is responsible for national and international data protection directives and runs the entire decentralized data protection organization. This organization comprises, at the national level, data protection specialists (FDS) and authorized data protection representatives (VPDS), as well as data protection managers (PM) at the international level.
Local data protection experts at individual Group companies all over the world are available to employees and managers if they have any questions or concerns about data protection. These experts ensure that the rules are implemented and enforced in accordance with the law.
In keeping with our sustainability approach, we attach great importance to set information security processes, which also play a direct role in new IT/operational technology (OT) projects. This helps us to ensure that security is factored in from the outset. New procedures are constantly being created to defend against cyberattacks.
We are also working with German universities on the topic of cyber-security to support research in this field and to fulfill our social and corporate commitment to training for the future.