In order to achieve a high level of data privacy worldwide, data privacy at Deutsche Telekom must be very well organized both nationally and internationally. This is ensured not only by legal requirements, but also by internal Group guidelines that the Group has introduced and implemented on a voluntary basis.
Binding Corporate Rules Privacy
The Binding Corporate Rules Privacy (BCRP) (pdf, 373.4 KB) have been in force at Deutsche Telekom since 2014. BCRP are a group internal guideline, that is mandatory for all Group companies worldwide. Through this policy, Deutsche Telekom committed itself to a very high level of data protection even before the introduction of the General Data Protection Regulation (GDPR). The BCRP have been reworked again with the implementation of the GDPR in May 2018.
Group Data Privacy Officer
The Group Data Privacy Officer at Deutsche Telekom is Dr. Claus-Dieter Ulmer. He is seated in Bonn, Germany. Together with his team Group Privacy that consist of about 60 employees he coordinates the processes of cooperation and agreement on all significant issues regarding data privacy within the Deutsche Telekom Group internationally as well as nationally. The BCRP are the foundation for that. He directly reports to the board of Deutsche Telekom.
Data Protection Officers
The BCRP also prescribe the appointment of data protection officers for each company in the Group, whether or not there is a legal obligation to do so. Therefore, Deutsche Telekom employs over 60 data protection officers outside of Germany, who monitor and control data protection in their companies. They are controlled by the group data privacy officer and ensure the compliance with the high data privacy regulations in their respective company.
National Group Policy Organisation of Data Protection
In Germany, Deutsche Telekom goes even further than that. In addition to the BCRP, Deutsche Telekom implemented the National Group Policy Organisation of Data Protection (pdf, 399.3 KB).
Data Privacy Coordinators
This guideline determines, that the Global Data Privacy Officer carries out the function of the Data Protection Officer. In some cases additional Data Protection Officers have been appointed aswell. He is supported by over 110 Data Privacy Coordinators thoughout Germany. At least 10% of their working time is available for carrying out the Global Data Privacy Officers duties by e.g. executing data privacy trainings or undertaking privacy checks. They are the first point of contact for their colleagues in case they a question concerning data protection.
Data Privacy Bridgehead
In addition to the Governance tasks performed by the Global Data Privacy Officer, the guideline also determines the installation of operational Data Privacy Bridgeheads. They assist the management of the group companies in putting the regulations into practice.
Data Controllers and System Owners
Moreover, the group companies must appoint Data Controllers and System Owners to support the Data Privacy bridgeheads in integrating requirements into the business processes and systems. They ensure that the policies ultimately lead to procedures and processes that comply with data protection regulations.
These group guidelines and the organisation of data protection have been ensuring a very high level of data protection thoughout the Deutsche Telekom for many years. They even exceed the already strong requirements of the DSGVO and guarantee that Deutsche Telekom is well positioned for the upcoming challenges of digitisation in matters of data protection.