Deutsche Telekom Adheres to Data Protection Laws and Corporate Regulations

Deutsche Telekom emphasizes its commitment to adhering to data protection legislation and internal corporate regulations to safeguard the data of natural and legal persons. As a telecommunications provider, the company is particularly bound by various laws and regulations.

The regulatory landscape includes the European Union's General Data Protection Regulation (GDPR), effective since May 2018. This is complemented by Germany's Federal Data Protection Act (BDSG) and other specific laws such as the Telecommunications and Digital Services Data Protection Act (TDDDG), which came into effect in December 2021. The Telecommunications Act (TKG) serves as the framework directive for telecommunications networks and services, governing the market and customer protection, while the Telecommunications Surveillance Regulation (TKÜV) details technical and organizational requirements for monitoring telecommunications.

Internally, Deutsche Telekom operates under Binding Corporate Rules Privacy (BCRP). These rules establish group-wide internal data protection guidelines, ensuring a uniformly high level of data protection for the group's products and services. Additionally, a corporate policy on the organization of data protection defines governance and implementation functions within German group companies. A separate corporate security policy outlines key security principles, aligning with the international standard ISO 27001 to maintain consistent security and data protection levels across the group.

For the transfer of personal data to countries outside the European Union, Deutsche Telekom utilizes Standard Contractual Clauses recognized by the European Commission as appropriate safeguards. For data transfers within the corporate group, the Binding Corporate Rules Privacy serve this purpose.