The Corporate Data Protection department ensures that Germany’s Federal Data Pro- tection Act (FDPA) is applied across the Lufthansa Group. It familiarizes employees with the relevant legal provisions and con- ducts regular data protection audits. In addition, the Group’s data protection experts advise the departments when new systems are introduced and procedures are designed or modi ed. This allows for the coordination of data protection and business concerns at an early stage. The all-important rst step is to make employ- ees and managers aware of the risks related to data protection, so that they are able to detect and avoid them. During the reporting year, the emphasis of advice was on using customer data in ways that con- form to data protection standards. Meanwhile, the con ict between German data protection legislation and ever-more frequent demands for passenger informa- tion from foreign authorities remains unre- solved (see page 67, Balance 2015). Mandatory guidelines ensure data protection The framework for secure data handling within the Lufthansa Group is de ned by its Data Protection Guidelines. Based on laws such as the FDPA and established princi- ples of data protection, they spell out con- crete obligations regarding compliance with data protection laws. These guidelines also de ne rules to ensure Group-wide conduct that is compliant with data protec- tion law, make risks related to data protec- tion transparent, and safeguard against such risks. Furthermore, these rules were integrated into the Group guidelines for the purposes of data protection in countries outside the EU and requirements for han- dling data relating to orders. Data protection is the responsibility of the Executive Board and the management of the respective Group company. They are assisted in the discharge of this responsibil- ity by the Corporate Data Protection depart- ment, headed by Dr. Barbara Kirchberg- Lennartz. As in 2014, the Lufthansa Group recorded no signi cant risks or sanction- able violations concerning the protection of personal data in 2015. Moreover, data dis- closure requests and customer feedbacks were handled in a timely fashion as a rule. Systematic training Training and informational measures con- cerning data protection are aimed at famil- iarizing employees and managers with the necessity of data protection, the key terms, the organization of data protection within the Lufthansa Group, and speci c issues concerning individual areas. The Web-based training course “The fun- damentals of data protection” is mandatory for many Lufthansa employees. After sign- ing an agreement to compliance with data con dentiality, new hires and job changers must complete this training within a short time. Since September 2014, the ensuing training certi cates are valid for only three years, as opposed to the previous ve years. In addition, the Group offers short specialized trainings online for certain target groups to intensify their knowledge concerning sensitive issues and particulari- ties in their work areas. Furthermore, employees can obtain infor- mation on this subject at any time on Cor- porate Data Protection’s intranet pages. The department also reports on current data protection topics via a weekly internal blog. Data protection and data security Careful and secure handling of personal data is the basis for trusting busi- ness relationships. Protecting data shields the Lufthansa Group’s customers, employees, shareholders, and suppliers from violation of their privacy rights through improper use of sensitive personal data. The Lufthansa Group pro- tects and secures data according to the highest standards. 72 // Product Responsibility