Data protection
Targets and management approach
Data protection and autonomy should be championed as the foundation for free, democratic and long-established sovereign societies. In DB Group, we aim to establish exemplary, innovative and sustainable data protection processes and set a high level of data protection as a mark of quality, allowing employees, customers and business partners to associate DB Group with trust, respect, transparency and integrity when it comes to data protection. In doing so, we fulfill data protection regulations, particularly those of the EU General Data Protection Regulation (GDPR) and in-house data protection policies.
In order to suitably implement our targets, we are aiming to meet the overarching target of ensuring that the flow of data, both within DB Group and within offices outside of DB Group, is compliant with data protection regulations. We are working toward achieving this by raising awareness of privacy issues throughout DB Group, in particular by informing and training employees, having a high-quality expertise in consultancy work, as well as ongoing measures to raise awareness.
In addition, the data protection level in DB Group is analyzed on an ongoing basis using Data Protection Online Monitoring (DOM). This involves interviewing about 10,000 executives and using their answers to deduce the level of data protection in DB Group and to support specific measures that help optimize data protection among data controllers. Regular data protection audits also ensure a high standard of data protection within DB Group.
We are also committed to innovation and the further development of existing instruments and methods for professional data protection management. Another focal point is the expansion of internal and external networks to improve DB Group’s public image with regard to data protection.
We work toward achieving these objectives through a highly effective data protection organization with central and local units: the Group’s Data Protection team is centrally located, supporting and advising the Group companies regarding compliance with data protection regulations, especially in regard to issues relevant to the Group. There are four departments within the central data protection organization: Employee and Customer Data Protection I (administration) and Employee and Customer Data Protection II (training and communication on data protection) are responsible for protecting employee and customer data, covering various areas of responsibility. In addition to these departments, there are the Audit and Technical Data Protection department and the National & International Data Protection Management department, which is responsible for the national and international guidelines on privacy and manages the entire decentralized data protection organization. This organization comprises, at national level, data protection specialists and authorized data protection representatives, as well as privacy managers at the international level.
Local data protection experts at individual Group companies all over the world are available to employees and managers if they have any questions or concerns about privacy. These experts ensure that the rules are implemented and enforced in accordance with the law.