Implementation of the EU General Data Protection Regulation
After being enacted in May 2016, the EU General Data Protection Regulation (GDPR) has had a binding effect since May 25, 2018. Deutsche Telekom implem...
After being enacted in May 2016, the EU General Data Protection Regulation (GDPR) has had a binding effect since May 25, 2018. Deutsche Telekom implemented the requirements contained therein in a three-stage, EU-wide project:
- Preparation: Group Privacy drew up a set of standardized rules, known as Binding Interpretations, that apply to the entire Group. They were developed in collaboration with the national companies. The Binding Interpretations include specific recommendations and best practice examples to implement the EU regulation.
- Implementation: From January 2017 to May 25, 2018, the new requirements based on the Binding Interpretations were introduced throughout the Group. This involved checking and, where necessary, adjusting all the IT systems. All employees were made aware of the General Data Protection Regulation, and more than 10,000 experts received intensive training.
- Evaluation: The implementation period was followed by a review phase during which all affected Group entities were asked whether they had put all relevant requirements into action. In addition to this, GDPR compliance was randomly inspected at 28 companies.