The case for CSR/ Sustainability Reporting Done Responsibly


Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Home / case studies / Case study: How United Internet promotes data privacy

Case study: How United Internet promotes data privacy

With 23.85 million fee-based customer contracts and 37.00 million ad-financed free accounts, United Internet is a leading European internet specialist, owning one of Germany’s largest fiber-optic networks. As a responsible internet service provider, United Internet is committed to guaranteeing maximum security for its customers and effectively protecting their data against all unauthorised access.

This case study is based on the 2018 Sustainability Report by United Internet published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.

Layout 1Abstract

United Internet is committed to making digitisation safe and secure and protecting personal data  Tweet This!, anchoring data privacy in its systems and processes. In order to promote data privacy United Internet took action to:
  • apply extensive and clearly understandable rules
  • provide regular data privacy training
  • conduct systematic dialogue with the regulatory authorities
  • deploy complaint mechanisms

What are the material issues the company has identified?

In its 2018 Sustainability Report United Internet identified a range of material issues, such as customer satisfaction, environmental impact of products and services, non-discrimination, compliance and anti-corruption, diversity and equal opportunities. Among these, promoting data privacy stands out as a key material issue for United Internet.

Stakeholder engagement in accordance with the GRI Standards              

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups United Internet engages with:

Stakeholder Group
Business partners
Non-governmental organisations
Politicians and associations

How stakeholder engagement was made to identify material issues

To identify and prioritise material topics United Internet carried out an online survey among its external stakeholders, to obtain their perspectives on material sustainability topics. Survey participants included representatives of investors /analysts, business partners /customers (including wholesale telecommunications partners and outsourcing service providers), other suppliers, and industry associations.

What actions were taken by United Internet to promote data privacy?

In its 2018 Sustainability Report United Internet reports that it took the following actions for promoting data privacy:

  • Applying extensive and clearly understandable rules
  • United Internet promotes compliance by designing its guidelines and processes in a way that makes data privacy requirements more transparent and easier to understand. United Internet’s information brochure Information Security and Data Privacy provides clear explanations on how to handle data and information in a responsible way. Among other things, this includes questions on compliance with the basic rules of data privacy, how e-mail and the internet can be used securely, and which aspects have to be observed when welcoming visitors to the company.
  • Providing regular data privacy training
  • United Internet seeks to make sure that every employee plays an active role in protecting data against loss or unauthorised access and trains employees personally on data privacy regulations. In 2018, United Internet held a variety of training sessions on data privacy and information security, especially in connection with the EU’s new General Data Protection Regulation (GDPR). In addition to basic staff training, there were classroom sessions which specifically addressed the responsibilities of United Internet’s managers with regard to data privacy. United Internet’s Privacy department and Data Privacy Coordinators also give advice on issues concerning data privacy legislation, for example, in the field of product design and product development, or with regard to contractual agreements.
  • Conducting systematic dialogue with the regulatory authorities
  • United Internet’s Privacy department is in regular contact with the relevant data privacy authorities, above all to process concerns from clients that have been forwarded by the regulatory authorities. United Internet also passes on reports of data privacy violations in accordance with GDPR (49 in the reporting year) to the Federal Network Agency (Bundesnetzagentur) and to the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit – BfDI). Additionally, members of the Privacy department regularly engage in discussions with the BfDI about the latest data privacy issues.
  • Deploying complaint mechanisms
  • United Internet processes customer inquiries and customer complaints about data privacy through the trained staff of a special Customer Care department, in close coordination with the Privacy department, and responds to any incidents internally by adapting guidelines and sensitising employees where necessary. Employees also have the possibility to confer in confidence with the Compliance and Privacy departments in order to review any questions relating to data privacy which may arise during their activities. The Privacy department also carries out event-driven internal data privacy checks and is additionally involved in conducting audits to make sure United Internet’s service providers comply with data privacy regulations.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data

Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:

  • Sustainable Development Goal (SDG) 16: Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels
  • Business theme: Compliance with laws and regulations, Protection of privacy


80% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

FBRH GRI Standards Certified, IEMA & CIM recognised Sustainability Course | Venue: London LSE

By registering for the next 2-day FBRH GRI Standards Certified, IEMA & CIM recognised course you will be taking the first step in gaining the many benefits of sustainability reporting.

Most importantly, you will gain the knowledge to use the GRI Standards, project manage your own first-class sustainability report and:

  • Identify your most important impacts on the Environment, Economy and Society
  • Begin taking solid, focused, all-round sustainability action ASAP



1) This case study is based on published information by United Internet, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:


Note to United Internet: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.