We stand for security and the responsible handling of data.
Our customers, our employees, our shareholders, regulatory authorities, and the general public rightly expect us to handle the data they entrusted to us with care. For us, data privacy and the security of data and technologies are more than just a responsibility; we consider them a concern of particular importance to us. With our Binding Corporate Rules Privacy (BCRP) (pdf, 373.4 KB), we committed ourselves to a very high level of data privacy in 2014, well before the GDPR came into force.
We take data privacy seriously – which is also reflected in the organizational structures in the Group that we have created to ensure compliance with data privacy, both at national and international level. In addition to data privacy and protection, transparency regarding how we use and process data is a central issue for us. We openly report what data we use and for what purposes, how long we retain it, and under which special circumstances we have to disclose it.
Our certified “privacy by design” processes ensure that protection of the data entrusted to us is integrated from the very beginning. All Deutsche Telekom projects are categorized according to their security relevance. This is the starting point for our Privacy and Security Assessment (PSA) process (pdf, 734.4 KB). The PSA process is a core element in safeguarding security and data privacy. It ensures a consistent, adequately high level of security and data privacy in all products, systems, and platforms. We conduct training courses and awareness measures to support our employees in its implementation.
Aside from technical excellence, all of these elements require appropriate governance – embedded in roles and responsibilities. As part of the Technology & Innovation Board of Management department (V TI), the Security unit follows a “security by design” approach in the strategic steering of the Group in every topic of security – including data security, information security, cybersecurity, physical and personal safety, misuse detection, and business continuity management – with a holistic, convergent, integrated security management approach and concept. It includes internal measures for protection along the value chain (training courses) supporting business activities, and as the outwardly oriented Security business area with its product and service portfolio.