The Corporate Data Protection department ensures that the German Data Protection Act (Bundesdatenschutzgesetz, BDSG) is applied across the Lufthansa Group. It acquaints our employees with the relevant provisions of the law and conducts data protection audits. In addition, the Group’s data protection experts advise the departments when new systems are introduced or procedures are designed or altered. This makes it possible to coordinate data protection and economic concerns early on. The crucial first step is to make employees and managers sensitive to the risks to data protection so that they are able to detect and avoid them. For a service company such as the Lufthansa Group, the protection of personal data also has special economic importance. Such information is invaluable to the companies in their efforts to deliver the best quality of ser- vices possible. The more personal the options or services are, the more important knowl- edge of the preferences of individual custom- ers becomes. In recent years a particularly troublesome area of legal conflict has developed over the use of personal data as foreign authorities have come to demand, with ever greater frequency, information on passengers as contained in their passports or flight reservations. As a German company, Deutsche Lufthansa AG is subject to German data protection law. Never- theless, the airlines must also observe rules of entry and security provisions in the various destination countries. Lufthansa always attempts to avoid such data disclosures for as long as possible. This problem can be defini- tively resolved only at the political level through workable international agreements that are compatible with data protection law. Mandatory guidelines ensure data protection The Data Protection Guidelines establish the framework for data protection in the Lufthansa Group. They are based on laws such as the BDSG and accepted principles of data pro- tection. The Guidelines spell out the duties of compliance with data protection law. They also set forth rules intended to ensure conduct in conformity with data protection law through- out the Group, to make risks to data protec- tion transparent, and to safeguard against such risks. Data protection is the responsibility of the Executive Board and the management of various companies. They are assisted in the discharge of this responsibility by the Corpo- rate Data Protection department under the direction of Dr. Barbara Kirchberg-Lennartz. In 2013, as in 2012, the Lufthansa Group recorded no significant risks to or sanction- able violations of personal data protection. As a rule, we were able to respond quickly to data disclosure requests and customer feed- back. When necessary, we instituted changes in procedures or behavior. Training in the protection of data One of the main issues on which the Group’s data protection experts gave advice in the reporting year was the use of customer data for sales purposes in compliance with data protection requirements. Training courses and measures to disseminate information on data protection for employees and managers will be further stepped up in 2014. They are an essential requirement for detecting and man- aging risks to data protection. The Web-based training course (WBT) The fundamentals of data protection is mandatory for much of our workforce. Data protection audits The experts in Corporate Data Protection also conduct their own audits of selected proce- dures and systems used to process personal data. As a rule, the reliability, security, and regularity of the audit projects are checked. ß Data protection and data security Careful and secure handling of personal data is the basis for trust in a busi- ness relationship. Protecting data protects the Lufthansa Group’s customers, employees, shareholders, and suppliers from violation of their personality rights through improper use of their personal data. The Lufthansa Group pro- tects and secures data according to the highest standards. 76 // Product Responsibility