Protection of personal rights and the right to informal self-determination
The task of data protection is to protect individual rights and in particular, the privacy of each person. To this end, the processing of personal data has been comprehensively regulated in many countries around the world and data subjects have been granted rights to protect their own personal data. In the spirit of the Grafensatz “Grafen tip their hats”, the Zeppelin Group respects compliance with data protection requirements not only as a legal requirement, but also as an expression of honest, fair and responsible conduct. Zeppelin employees and business partners should be able to rest easy in the knowledge that their personal data can be protected.
To meet the ever-increasing legal requirements, as well as the importance given to data protection in the Zeppelin Group, Zeppelin maintains the Compliance and Data Protection division in the holding company, whose primary task is the ongoing development of the data protection management system within the Zeppelin Group. The division manages the global data protection organization, consisting of the Group Data Protection Officer as well as other data protection officers, data protection coordinators, and contact persons for data protection in the companies. These persons work together to ensure that the personal data of employees and business partners is handled in accordance with legislation. At the same time, they develop and support the introduction of necessary data protection and data security measures and further develop existing measures. However, the development of new digital products and services for customers, as well as the internal introduction of new tools and platforms, are also closely managed and monitored by the data protection organization. The data protection organization thus represents the interface to information security, which supports the projects from a technical perspective and in close coordination with Data Protection.
Progress in data protection
- Avoidance of data protection breaches through information and training
The main objective is to prevent data protection violations by providing targeted information and regular training for employees. Employees are made aware of data protection matters as part of the training and must take mandatory e-learning courses on data protection and information security. The overall participation rate in the basic training on data protection is the performance indicator for monitoring progress and is determined in relation to the number of employees (headcount, excluding trainees) as of December 31, 2023 in relation to the total number of participants.
| Total number and participation rate | Unit | 2021 | 2022 | 2023 |
|---|---|---|---|---|
| Overall participation | Number | 4,301 | 7,080 | 7,871 |
| Total participation rate | % | 40.8 | 68.8 | 77.2 |
The Group Data Protection Guideline is the central, binding policy on data protection management at Zeppelin and summarizes the rights and obligations, as well as the desired conduct, when handling personal data for all employees. Accompanying guidelines, including their visualization, process summaries, as well as information brochures and data protection notices for employees, provide guidance and transparency at the same time. Further information and templates are available at all times for all employees at a central point.
In addition, customers can obtain information on all of Zeppelin’s apps and websites about the processing of personal data when using our websites, apps and platforms, but also when using our services. Fair and responsible behavior towards customers also means being transparent in what you do.
| Category | Unit | 2021 | 2022 | 2023 |
|---|---|---|---|---|
| Reported data protection complaints (in accordance with Article 33 GDPR) | Number | 10 | 56 | 32 |
| of which breaches reported to supervisory authorities | Number | 0 | 6 | 2 |
| Complaints concerning breaches of customer data protection | Number | N/A | N/A | 0 |
| Complaints from external parties | % | N/A | N/A | 0 |
| Complaints from supervisory authorities | % | N/A | N/A | 0 |
| Total number of identified cases of data theft and data loss related to customer data | Number | N/A | 28 | 0 |
The introduction of new data protection management software in December 2021 resulting in the digitalization and harmonization of numerous processes of the data protection management system within the Zeppelin Group. Among other things, the possibility of reporting data protection violations online has been created, which makes it even easier for employees to report such violations. At the same time, the process for incoming reports has been further optimized, which in part leads to earlier involvement of the data protection organization and, if necessary, information security. At the same time, the adapted processes can be used to make significantly better evaluations with regard to the types of data subjects and the type of data protection incident. In 2023, the option was also created to report data protection violations via the Zeppelin Trust Line. This means that third parties can now also use a reporting channel for data protection violations. This can also be used anonymously.
Measures in 2023
The Zeppelin Group is continuously working on refining and improving its data protection management system (DMS). In addition to the continuous development of the existing data protection management software and the underlying processes, work on the development of a communication and the training concept was also stepped up in 2023. In 2023, the “GDPR Readiness Check” also included a status quo analysis with a risk assessment which determined the current status of the DMS within the Zeppelin Group and initiated numerous measures for improvement.