Integrated Company Report 2018

We protect data


Protecting the personal data of our workforce, partners, clients and suppliers, thereby ensuring that we comply with statutory data protection regulations, is a matter that GIZ rates highly. Our data protection strategy forms the basis for corporate data protection management and describes how we apply the German Federal Data Protection Act within the company.

In early 2018, GIZ updated the data protection strategy in force at all GIZ locations around the globe and brought it into line with the provisions of the EU General Data Protection Regulation (GDPR). As part of this process, GIZ appointed two deputies for the data protection officer. By setting up a dedicated organisational unit for data protection management, the company has also created a new role to support operational implementation of GDPR at GIZ.


The core concern of the GIZ data protection officer and team is to design the procedures used to collect or process personal data so that they give appropriate consideration to data protection from the outset. The data protection officer reports to the Management Board on an ongoing basis and issues regular data protection reports. The officer is also a member of the company-wide risk management committee.

In view of the complexity and growing importance of data protection, GIZ’s Management Board decided in the third quarter of 2018 to introduce systematic and mandatory data protection management. This is based on the legal regulations, company regulations and GIZ’s data protection policy, as laid down in the data protection strategy. Before signing a contract with subcontractors who come into contact with personal data while working on a commission, the data protection management system examines whether they comply with the relevant data protection standards. Before any process involving collecting personal data or processing them inside the company or by third parties is launched, staff members have it checked and approved by the data protection management officers. This presupposes knowledge of and sensitivity towards data protection on the part of the staff involved. For this purpose, we offer a range of target-group-oriented training courses and individual advisory packages.


While the data protection team processed 190 enquiries in 2011, a total of 550 were received in 2018, and the upward trend continues. Since 2014/2015, GIZ has carried out data protection audits worldwide, to date in 19 key countries and country offices.

In 2018, the number of justified complaints related to data protection was only half the 2017 figure. All of these were individual cases that were amicably resolved to the satisfaction of both sides. However, there was an increase in the number of requests received from individuals for information on their own personal data stored at GIZ, which can be attributed to the strengthening of the rights of individuals to access their personal data following the introduction of GDPR.

More on this topic:

As a driver of change, digital transformation influences GIZ’s work both within the company and at our projects: Digital transformation at GIZ