Please activate JavaScript!
Please install Adobe Flash Player, click here for download

Balance 2015 ENG - Data protection and data security

The Corporate Data Protection department ensures that Germany’s Federal Data Protection Act (FDPA) is applied across the Lufthansa Group. It familiarizes our employ- ees with the relevant legal provisions and conducts regular data protection audits. In addition, the Group’s data protection experts advise the departments when new systems are introduced and procedures are designed or modified. This allows for the coordination of data protection and business concerns at an early stage. The all-important first step is to make employees and managers aware of the risks related to data protection, so that they are able to detect and avoid them. During the reporting year, the emphasis of advice was on using customer data in ways that conform to data protection standards. Meanwhile, the conflict between German data protection legislation and ever-more frequent demands for passenger informa- tion from foreign authorities remains unre- solved (see page 76, Balance 2014). Mandatory guidelines ensure data protection The framework for secure data handling within the Lufthansa Group is defined by its Data Protection Guidelines. Based on laws such as the FDPA and established principles of data protection, they spell out concrete obligations regarding compliance with data protection laws. These guidelines also define rules to ensure Group-wide conduct that is compliant with data protection law, make risks related to data protection trans- parent, and safeguard against such risks. An updated version of the Data Protection Guidelines has been in effect since December 2, 2014. In particular, the new chapter “Responsibility for data protection abroad” takes into better account the rising data protection requirements in countries outside of the EU. Furthermore, these rules were integrated into the Group guidelines for the purposes of handling data relating to orders. Data protection is the responsibility of the Executive Board and the management of the respective Group company. They are assisted in the discharge of this responsibil- ity by the Corporate Data Protection depart- ment, headed by Dr. Barbara Kirchberg- Lennartz. As in 2013, the Lufthansa Group recorded no significant risks or sanctionable violations concerning the protection of per- sonal data in 2014. Moreover, data disclo- sure requests and customer feedbacks were handled in a timely fashion as a rule. Systematic training Training and informational measures con- cerning data protection are aimed at famil- iarizing employees and managers with the necessity of data protection, the key terms, the organization of data protection within the Lufthansa Group, and specific issues concerning individual areas. The Web-based training course “The fundamentals of data protection” is man- datory for many Lufthansa employees. After signing an agreement to compliance with data confidentiality, new hires and job changers must complete this training within a short time. Since September 2014, the ensuing training certificates are valid for only three years, as opposed to the previous five years. In addition, the Group offers short specialized trainings online for certain target groups to intensify their knowledge concerning sensitive issues and particularities in their work areas. Furthermore, employees can obtain information on this subject at any time on Corporate Data Protection’s intranet pages. The department also reports on current data protection topics via a weekly internal blog. Data protection and data security Careful and secure handling of personal data is the basis for trusting business relationships. Protecting data shields the Lufthansa Group’s customers, employ- ees, shareholders, and suppliers from violation of their privacy rights through improper use of sensitive personal data. The Lufthansa Group protects and secures data according to the highest standards. Sustainability Report Balance // Issue 2015 // Lufthansa Group // 67