Consumers and end-users (ESRS S4)

Policies (S4-1)

Data protection is a fundamental right. Data protection and informational self-determination are two of the cornerstones of our free and democratic society. That is why protecting the personal rights of customers, employees and business partners when processing their personal data is one of DB Group’s most important duties.

The protection of our customers’ data is governed by central policies. The management of the Group companies is responsible for implementing the data protection guidelines. Compliance is monitored through internal audits, regular internal checks and feedback from data subjects.

In the design and further development of our data protection policies, we actively incorporate the perspectives of key involved parties, for example by analyzing customer reports.

Data subjects (e.g. customers) are informed about the central content of the data protection guidelines – in particular about their rights, the handling of their data and contact points – on DB Group’s website. External service providers and processors receive the relevant information on the data protection guidelines as part of contract negotiations.

Together with supplementary intra-Group regulations, the data protection guidelines form the binding framework for uniform, legally compliant and transparent data protection within DB Group.

Global data protection guideline

The global data protection guideline defines the minimum standards for the processing of personal data within DB Group. It applies to all Group companies worldwide, especially where there are no local regulations or where these are below DB Group’s minimum standards. The guideline sets out the basic requirements for data processing, specifies responsibilities and describes internal processes and technical measures to minimize risk.

Framework guideline on data protection

The framework guideline on data protection specifies the requirements of the global data protection guideline for all Group companies in Germany. It ensures the implementation of the General Data Protection Regulation (GDPR), minimizes risks such as fines or reputational damage and raises employees’ awareness of their data protection obligations. To this end, it defines aspects including data protection targets, the structure and role of the data protection organization, responsibilities, internal processes and technical measures, for example for dealing with data protection violations.
