Responsibility for Data, Privacy and Security

Compliance with information security standards is explicitly demanded by national and international regulation. However, the creation of a trustworthy processing environment requires further voluntary commitment. The secure processing of data and protection of data spaces from external interference must have priority.

Best Pratices


Compliance with statutory and voluntary rules on data protection and data usage should constitute a major objective. Data protection must assume a crucial role within corporate strategies and overall governance. Standards of (automated) compliance management systems are useful to reduce administrative burdens. The increasing complexity and requirements of compliance procedures also demand the delineation of new roles and responsibilities. A regular exchange mechanism among stakeholders can be beneficial for the successful implementation of compliance measures.

Internal Stakeholders: Departments on business development, CSR, sustainability, data privacy, and information security, legal, technology; employees, works council

External Stakeholders: Customers, suppliers

  • Awareness-raising measures targeting all internal and external stakeholders
  • Integration of privacy protection measures into regular business processes
  • Considering the particularity of data categories (non-personal data/ personal data)
  • Assessment of the levels of protection
  • Data mapping
  • Record of data processing activities

  • Awareness-raising measures targeting processes and behaviour of employees
  • Appointment of a data officer
  • Establishing guidelines on the processing of data (Code on Data Ethics)
  • Expansion of the procedural records

  • Software for ISMS and DSMS/ possible migration of BCM
  • ISO 27xxx
  • BSI requirement catalogues/basic protection compendium
  • ISAC
  • ISO 27701