Laws and corporate rules

To ensure the protection and safety of natural and legal persons, data privacy and security matters are subject to stringent legal guidelines worldwide. In its role as a telecommunications company, Deutsche Telekom is especially committed to compliance with various laws and regulations.

The General Data Protection Regulation (GDPR)

entered into force on 25 May 2016 and has been directly applicable in all member states of the European Union, without transposition into national law, since 25 May 2018.

The Federal Data Protection Act (BDSG) in force since 25 May 2018

together with the data protection laws of the federal states and other sector-specific regulations on data protection in the cases in which the GDPR offers so-called “opening clauses”.

The Telecommunications Digital Services Data Protection Act (TDDDG)

came into force on December 01, 2021 and regulates in particular telecommunications secrecy, data protection in telecommunications, telemedia data protection and the requirements for setting cookies.

Applicable regulations on data protection can also be found in:

  • Telecommunications Act (TKG)
    The TKG is the framework directive for telecommunications networks and services. It regulates the telecommunications market and is committed, among other things, to public and customer protection.
  • Telecommunications Interception Ordinance (TKÜV) 
    The TKÜV is based on the TKG and regulates concrete obligations for the technical and organisational implementation of measures for interception of telecommunications.
  • Telemedia Act (TMG)
    The TMG regulates the legal framework for electronic communication and information services offered by means of telecommunication systems, in particular Internet services in Germany. It is one of the central provisions of Internet law.

Within the Deutsche Telekom Group, data protection and data security are subject to:

  • the Binding Corporate Rules Privacy (BCRP)
    The BCRP form the Group-wide internal regulations on data privacy. As far as legally possible, the companies of the Deutsche Telekom Group have committed themselves to these Group guidelines. The BCRP are intended to ensure a uniformly high level of data privacy for our products and services. A list of the companies that have implemented this Group Policy on a binding basis can be found adjacent at “More information”.
  • the group policy on organization of data privacy
    This defines the governance and implementation functions for data protection in the German Group companies. It implements roles to assume responsibility for data processing in the Group companies. More information on these roles and functions can be found in our article on “data protection organization”.
  • the group security policy
    The Group guideline on safety contains the main safety-relevant principles of the Group.

These Group guidelines set binding standards based on the international ISO 27001 standard to ensure an adequately high and consistent level of security and data protection within the Group.

The General Data Protection Regulation states that personal data may be processed in a country outside the European Union (so-called third country), in particular if appropriate guarantees are provided for an adequate level of data protection. As such, Deutsche Telekom Group uses the standard contractual clauses recognized by the European Commission or our Binding Corporate Rules Privacy for data transmission within the Group.