EU General Data Protection Regulation being implemented
The main focus of Group privacy was once again the implementation and anchoring of the EU General Data Protection Regulation in DB Group in the year under review. It is to be implemented directly in all European Union member states effective May 2018 and replaces the Federal Data Protection Act. Material privacy principles remain in place, as well as the requirement of legal grounds, the principal of necessity and strict appropriation. Nevertheless, tougher provisions will be in place, particularly regarding customer information, rights of involved parties and IT security requirements. Group privacy has worked out the respective required changes and developed work aids and sample texts together with representatives of the decentralized privacy organization. The privacy organization will provide support for the implementation process in the coming years. It is also important to note how the privacy supervisory authorities will interpret the numerous undefined legal terms in the future.
Digitalization and big data
Digitalization is an important prerequisite for meeting customer expectations. At the same time, HR processes are being digitalized more and more. Digital tools for Group-wide linkage was developed with the DB Planet social intranet. Digitalization is also reflected in the use of flexible and efficient cloud services. The developments have one thing in common: they inevitably involve data. These may allow direct or indirect conclusions about customers or employees, and in some cases result in transfer profiles.
It is therefore imperative that the personal rights of customers and employees be appropriately protected in such cases. The privacy organization supported the departments and project through sound and sustainable advice in privacy and technical aspects. Specifically, the introduction of Office 365 and Windows 10 (BKU X), DB Planet, Amazon Web Services and new sales platforms were supported in the year under review and reviewed for privacy compliance. Through linking with important stakeholders it was possible to address privacy-related issues early on and enhance our awareness that privacy and digitalization are two sides of the same coin.
The focus of the audit program was strongly aligned with technical developments and the introduction of new technologies. The auditing in DB Travel Centers and in the passenger rights area are noteworthy, as are the audits of service providers under the new application management. Conducting privacy online monitoring was another item in focus during the year under review. The privacy regulation survey of all executives is conducted every two years to determine and continually raise the level of privacy in DB Group. In the year under review, the privacy online monitoring focused on the use of cell phones and social media applications. #Digitalization
Further development of professional qualifications and awareness
The high technical quality of the consulting activity of the privacy organization was also further improved in the year under review by customized technical training offerings, particularly in the EU General Data Protection Regulation. To increase the awareness of all employees and executives in DB Group in a targeted way, a “Privacy News” blog was set up in the year under review on DB Planet.
After designation of privacy managers by the national subsidiaries worldwide, cluster calls were set up on a quarterly basis for the America, Europe/Africa and Asia areas along with the general communications platform for mutual sharing of information and presentation of current topics. This networking and transfer of know-how supported the successful introduction of privacy managers in their areas of responsibility.
Preparation of the Group companies affected by the EU General Data Protection Regulation was a core issue in the international context during the year under review as well.
Privacy Advisory Board
Given the extensive digitalization projects in DB Group, innovative and pragmatic solutions are needed to best protect the personal rights of company employees, customers and business partners in an exemplary manner, including going forward. The DB Group Privacy Advisory Board advises the Group Management Board in (strategically) relevant privacy matters to deal with these complex tasks. It also provides support for privacy-related events in DB Group, such as the “Opportunities and risks of smart cams in public spaces” expert workshop. The work of the Advisory Board emphasizes the importance of the continuing commitment to optimum privacy protection as an elementary component of the sustainable strategy of DB Group.
Effective privacy protection is thus a vital contribution to the integrity of commercial activity, directly affecting the quality of the services being provided. Anchoring privacy protection in the corporate culture and pragmatically orienting it enhances the reputation of the company and ensures the success of business operations. The Privacy Advisory Board contributes substantially to the success of the resultant operations. This is particularly indicated by the presentation of the 2017 Privacy Award to employees for particularly outstanding and innovative privacy projects in DB Group.