Data protection


Many people use digital products and services, and trust that their data will be secure. As a globally active company whose business model is based on connecting people and exchanging sensitive data, we believe we have a special responsibility in this regard. In our Data Privacy Policy, we have laid down standards which we apply Group wide. We also use those standards as a guideline in countries where no data protection rules or regulations exist. Through the further development of our standards and with training for employees and managers, we ensure that we comply with prevailing data protection law. Combined with an effective data protection management system, high data protection standards are effective in securing customer, employee and investor loyalty.


Our data protection management system includes web-based training on a variety of data protection issues to sensitize our managers and employees to the importance of data protection and to ensure compliance with our Data Privacy Policy. With online seminars on a range of data protection issues, such as secure handling of personal and customer data, existing knowledge is deepened. In addition, employees received training on the new requirements under the EU’s General Data Protection Regulation issued in 2016. Data Privacy Policy training is mandatory for our managers, and we also intend to include a training module on data protection in the Group-wide Certified initiative.

Privacy Impact Assessment (PIA) was also a central focus of our data protection management system in the reporting year. More than 300 of these assessments were carried out in accordance with national laws and regulations for global IT applications in 2016.

Data Privacy Policy implementation confirmed


Our corporate Data Privacy Policy lays out uniform, appropriate and globally applicable data privacy and protection standards for safeguarding personal data. We also have other data protection rules in place which, based on our corporate Data Privacy Policy, focus on specific areas such as the processing of personal data, direct marketing and e-commerceThe sale of products and services through online sales channels. activities.

The implementation of our Data Privacy Policy is subject to regular external third-party review. Evaluations performed by Corporate Audit in the reporting year yielded recommendations concerning data management practices outside Germany, such as the expansion of auditing activities. We will therefore develop an international audit plan for 2017 based on our existing auditing process.