Data protection
Management approach and targets
Data protection and autonomy should be championed as the foundation for free and democratic societies. Throughout DB Group, we aim to establish exemplary, innovative and sustainable data protection processes and set a high level of data protection as a mark of quality, allowing employees, customers and business partners to associate DB Group with trust, respect, transparency and integrity in relation to data protection. In doing so, we fulfill data protection regulations, particularly those of the EU General Data Protection Regulation (GDPR) and in-house data protection policies.
In order to suitably implement our vision, we are firmly committed to meeting the overarching target of ensuring that the flow of data, both within DB Group and with external entities, is compliant with data protection regulations. We are working toward achieving this by raising awareness of data protection issues throughout DB Group, in particular by informing and training employees and by having a variety of digital and analog awareness-raising measures in place as well as high-quality data protection consulting expertise. Another focal point is the expansion of internal and external networks to improve DB Group’s public image with regard to data protection.
We are also committed to innovation, the further development of existing instruments and methods, and the standardization of processes for professional data protection management. In order to ensure that data potection is applied and implemented reliably within DB Group, we operate a data protection management system that enables us to fulfill information and disclosure rights and obligations to furnish evidence at any time in a transparent and legally admissible manner. In addition, regular data protection audits ensure a high standard of data protection.
We work toward achieving these objectives through a highly effective data protection organization, which is divided into centralized and decentralized organizations within DB Group. The Group’s Data Protection team is centrally located, supporting and advising the Group companies regarding compliance with data protection, especially in regard to data protection issues that are relevant to the Group.
There are four departments within the data protection organization, two of which work in different areas of responsibility within employee and customer data protection (one in administration or training, and the other in communication and management of the Group data committee). Another department deals with audits, technical data protection and the internal data protection systems. The fourth is responsible for the national and international data protection directives and manages the entire local data protection organization. At the national level, this consists of data protection experts, data protection officers and, at the international level, privacy managers.
Local data protection experts in DB companies all over the world are available to employees and responsible persons if they have any questions and concerns about data protection. These experts ensure that the rules are implemented and enforced in accordance with the law.
Customers, employees and applicants can therefore rely on us to ensure a high level of data protection, for example when developing new business models and when introducing and making changes to the processing of personal data.