Will the GDPR affect Morocco

We protect data

The protection of the personal data of our employees, partners, customers and suppliers as well as the statutory data protection regulations are important to us at GIZ. Our data protection concept forms the basis of the company's data protection management (DSM) and describes how we apply the Federal Data Protection Act in the company.

GIZ updated the data protection concept applied at all GIZ locations worldwide at the beginning of 2018 and adapted it to the requirements of the European General Data Protection Regulation (GDPR). In this context, GIZ has appointed two deputies for the data protection officer. With the data protection management organizational unit, the company has also created a new function to support the operational implementation of the GDPR at GIZ.


The main concern of the GIZ data protection officer and his team is to design procedures in which personal data are collected or processed in such a way that they take data protection into account. The data protection officer reports continuously to the management board and prepares data protection reports on a regular basis. He is also a member of the company-wide risk management committee.

Since the subject of data protection is very complex and its importance is growing steadily, the management of GIZ decided to set up a systematic and binding data protection management system (DSM) in autumn 2018. The foundations for this are the legal regulations, internal rules and the GIZ data protection policy, defined by the data protection concept. The DSM checks the contractors who come into contact with personal data in the course of order processing for data protection compliance before the contract is concluded. All processes in which personal data is collected or processed internally or by third parties are submitted to data protection management for review in advance. This presupposes the knowledge and sensitivity of the staff for data protection. For this purpose, we offer target group-oriented training courses and individual advice.


While the number of inquiries processed by the data protection team in 2011 was 190, the number was around 550 in 2018 - and the trend is rising. GIZ has been carrying out data protection audits worldwide since 2014/2015, so far in 19 important countries and country offices.

The number of justified data protection complaints more than halved in 2018 compared to the same period of the previous year, with eight complaints. These were all individual cases that we resolved amicably. On the other hand, there was an increase in requests for information about personal data stored at GIZ, which can be attributed to the strengthening of the rights of data subjects with the introduction of the GDPR.

For further reading:

As a driver of change, digital change influences GIZ's work internally and in our projects: Digital transformation at GIZ