The highest standards of data privacy and data security are core characteristics of our brand identity. In 2008 we created a Board of Management department for Data Privacy, Legal Affairs and Compliance as well as the Group Privacy unit. This has given us the necessary capacities for effective data protection. The responsible Board member is supported by the independent Data Privacy Advisory Board, which comprises renowned experts from politics, science, business and independent organizations. The Board was founded in February 2009.
The Telekom Security business unit commenced operations at the beginning of 2017. The new unit combines the security activities from various Group areas, thereby reinforcing our portfolio of cyber security solutions.
Consistent transparency toward the public
Transparent communication on the topic of data protection is a long-standing tradition at our company: We have been providing information about our activities since 2008, initially in regular data protection reports and, since 2016, on our data protection website www.telekom.com/en/corporate-responsibility/, where we now provide up-to-date and important information about new developments related to data protection and secure handling of personal data.
Since 2014, we have also been publishing an annual transparency report. In the report we disclose our obligations to cooperate with German and international security agencies. The section on protecting consumers and minors elaborates on how we ensure the safety of our products and services.
Regular employee training courses
Telecommunications companies are obliged to provide new employees with information on data privacy regulations. We go above and beyond these legal requirements. Every two years, we train all of our employees in Germany and commit them to data privacy and telecommunications secrecy. Corresponding requirements for our national companies are in place. We have also introduced specific training in the customer and human resources departments, where the risk of data abuse is higher. This training includes online courses for independent learning, presentations on data privacy and face-to-face courses on specific topics such as data protection at call centers. This helps us make sure that all employees have in-depth understanding of the relevant data privacy policies.
Annual review of measures through audits and certifications
We conduct an annual Group data privacy audit to measure and improve the general data privacy standards throughout the Group. 30 percent of the Group employees, who are randomly selected, are asked to participate in an online survey. The Group data privacy audit is supplemented by self-assessments completed by the data privacy officers at the national companies on implementation of the requirements defined in our "Binding Corporate Rules on Privacy."
Based on the results, the Group Privacy department identifies need for action at the respective departments and requires them to implement improvement measures. To this end, the Global Data Privacy Officer holds personal meetings with the responsible directors, managers and data privacy officers at the different departments. The Group Privacy department supports implementation of the improvement measures by providing information and advice and conducts a follow-up evaluation. Unusual audit results are taken into consideration when planning the follow-up audit.
We also have our processes and management systems as well as products and services certified by external, independent organizations such as TÜV, DEKRA and auditing firms. The technical services company TÜV Nord confirmed once again this year that Deutsche Telekom’s IT systems are secure.