The case for CSR/ Sustainability Reporting Done Responsibly


Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Home / case studies / Case study: How Deutsche Telekom promotes data privacy and security

Case study: How Deutsche Telekom promotes data privacy and security

As a leading global information and telecommunications technology company, present in over 50 countries worldwide and with 165 million mobile customers, 28,5 million fixed-network lines and 18,5 million broadband lines, promoting data privacy and security is a top priority for Deutsche Telekom  Tweet This!, in trying to gain customers’ trust.

This case study is based on the 2015 Corporate Responsibility Report by Deutsche Telekom published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate that CSR/ sustainability reporting done responsibly is achieved by identifying a company’s most important impacts on the environment and stakeholders and by measuring, managing and changing. 

Layout 1


According to a survey conducted by TNS Emnid for Deutsche Telekom in February 2016, nearly half of the German population (48%) has fallen victim to Internet crime. Guaranteeing data privacy and security is, thus, highly important for Deutsche Telekom. In order to promote data privacy and security Deutsche Telekom took action to:

  • publish an annual data privacy and Transparency Report
  • provide employees with data privacy training
  • annually audit data privacy standards
  • raise employee awareness about data privacy

What are the material issues the company has identified?

In its 2015 Corporate Responsibility Report Deutsche Telekom identified a range of material issues, such as ICT solutions for a low-carbon economy, service quality, ICT and child safety, cyber safety, talent acquisition, retention, development and staff reduction, climate change mitigation. Among these, promoting data privacy and security stands out as a key material issue for Deutsche Telekom.

Stakeholder engagement in accordance with the GRI Standards

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The organization should identify its stakeholders, and explain how it has responded to their reasonable expectations.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups Deutsche Telekom engages with:   

Stakeholder Group                Method of engagement
General public / all stakeholders ·         Annual CR report


·         We Care app magazine

Employees ·         engagement@telekom corporate citizenship program

·         Telekom Social Network

·         Internal events such as Guiding Principles Day

Customers ·         Free 24-hour service

·         Used cell-phone collection campaigns

·         Involvement in product development



·         Development programs for suppliers

·         CR Stakeholder Forum

Analysts and investors ·         SRI roadshows

·         Webinars

Non-governmental organizations (NGOs) ·         Collaborations

·         Stakeholder dialog

Politics ·         Political advocacy at EU, Germany-wide and state level

·         Memberships, e.g., in the ZIRP Rhineland-Palatinate initiative for the future (

Journalists ·         Workshops, e.g., with Deutsche Journalistenschule students
Compliance experts ·         Exchange and membership in international and national organizations
Corporate partners ·         Collaborations and partnerships for the development of sustainable solutions

How stakeholder engagement was made to identify material issues

To identify and prioritize material aspects Deutsche Telekom evaluated the results of an online stakeholder survey among 312 stakeholders (including customers, employees, analysts and investors, NGO representatives, suppliers and others).

What actions were taken by Deutsche Telekom to promote data privacy and security?

In its 2015 Corporate Responsibility Report Deutsche Telekom reports that it took the following actions for promoting data privacy and security:

  • Publishing an annual data privacy and Transparency Report
  • Deutsche Telekom was the first DAX-30 company to publish an annual data privacy report in 2008, regarding all relevant processes, and since 2011 has been also publishing an integrated data privacy and data security report. Additionally, since 2014 Deutsche Telekom has been publishing an annual Transparency Report, relating to the amount and types of information shared by the company with German and international security agencies.
  • Providing employees with data privacy training
  • Every two years Deutsche Telekom’s employees receive data privacy training, with specific trainings carried out in the company’s customer and human resources departments to minimize the risk of data abuse, which include online courses, presentations, and face-to-face courses on topics such as “Data privacy at call centers”.
  • Annually auditing data privacy standards
  • Deutsche Telekom carries out an annual data privacy audit, intended to measure and improve the company’s general data privacy standards. In 2015, 30 per cent of Deutsche Telekom’s employees were randomly chosen and interviewed online, with the data privacy audit accompanied by data privacy officers’ self-assessments at Deutsche Telekom’s national companies, relating to the implementation of the Binding Corporate Rules on Privacy.
  • Raising employee awareness about data privacy
  • Deutsche Telekom launched, in January 2015, an international campaign aimed at increasing employee awareness of data privacy’s importance. Approximately 150 employees participated in the “Don’t give the data slob a chance” ideas competition, addressing the issue of dealing with data privacy lightly in a number of ways, including cartoons and videos.

Which GRI indicators/Standards have been addressed?

The GRI indicator addressed in this case is: G4-PR8: Total number of substantiated complaints regarding breaches of customer privacy and losses of customer data and the updated GRI Standard is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data


80% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

FBRH GRI Standards Certified and IEMA approved Sustainability Course | Venue: London LSE

By registering for the next 2-day FBRH GRI-Standards Certified and IEMA approved Course you will be taking the first step in gaining the many benefits of sustainability reporting.



1) This case study is based on published information by Deutsche Telekom, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:





Note to Deutsche Telekom: With each case study we send out an email to your listed address in request for a comment on this case study. If you have not received such an email please contact us.