Consumers and end-users (ESRS S4)

Actions (S4-4)

A five-year data protection strategy with a focus on GDPR implementation and digitalization was established in 2023 on the basis of the Strong Rail strategy. In particular, it addresses legal and technological developments, for example by data protection supervisory authorities and courts, as well as new technologies such as AI, and thus creates the basis for the continuous further development of data protection at DB Group.

Implementation of the EU AI Act and establishment of AI governance

In 2025, the data protection organization supported the implementation of the requirements of the EU AI Act in DB Group in conjunction with the GDPR and in setting up governance structures for AI. This also included the data protection assessment of AI use cases in the context of AI governance. One example of this was consulting on the AI-based tool KIANA for customer communication at DB Sales. The aim of the measure was to minimize risks related to data protection and compliance by establishing standardized governance structures for the use of AI.

Standardization of tracking and analysis of user behavior in online products

Efforts were made in 2025 to help standardize the tracking and analysis of user behavior in online products (web and app) for comparable cases. The Chief Information Officer (CIO)/Chief Digital Officer (CDO) Board resolved the mandatory application of a uniform Group-wide consent level for data processing with standardized, centrally audited tools for newly introduced applications. This is intended to prevent decentralized liability risks under data protection law and to strengthen governance in the area of tracking and analysis, which is a complex aspect of data protection law. It also creates a uniform public presentation for customers, thereby strengthening trust and recognition value under data protection law.

Data-protection-compliant use of video surveillance

In 2025, the video surveillance technologies in use throughout the Group were inventoried and Group-wide standards were developed to strengthen the data-protection-compliant use of these technologies and the data-protection-compliant processing of the personal (customer) data collected by them. In addition to an in-depth technical evaluation of individual technologies, the specific measures included the development of uniform Group-wide pictograms and data protection notices for various application scenarios.

Support for digitalization initiatives with a customer focus

In 2025, numerous digitalization initiatives with a customer focus were supported in terms of data protection law. The data protection organization ensured that data protection requirements were complied with when implementing new systems and processes and that risks were identified at an early stage.

Action plans 2026

The actions described will be continued in 2026.

Go back toEngagement with consumers and end-users, channels to raise concerns or needs and approaches to remedy

Move on toTargets (S4-5)

Frequently searched

Short and compact: Our Quick Reads

Choose a topic and see your results below

Frequently searched

Actions (S4-4)

Implementation of the EU AI Act and establishment of AI governance

Standardization of tracking and analysis of user behavior in online products

Data-protection-compliant use of video surveillance

Support for digitalization initiatives with a customer focus

Action plans 2026

Frequently searched

Short and compact: Our Quick Reads

Sustainability indices

Filter report by: