Capgemini Binding Corporate Rules

| Generic documents

As a global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving of cloud, digital and platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organisations to realize their business ambitions through an array of services from strategy to operations. Capgemini therefore processes large amounts of personal data.

Capgemini is committed to protecting all personal data entrusted to it as part of its activities as a Data Controller and as a Data Processor. As an international group with entities located in more than 40 countries, it is important to Capgemini that information flows freely and securely. Providing an appropriate level of protection to the personal data being transferred within the group, is one of the reasons why Capgemini has chosen to implement these Binding Corporate Rules (BCR) which were first approved by the French data protection authority, the CNIL, in March 2016. This is all the more important as legal data protection and legal data security are crucial for each affiliate of Capgemini. The financial and reputational risks are high.

For this very reason, Capgemini’s BCR should not be construed as a mere transfer mechanism, but rather as a comprehensive personal data protection framework defining our entire accountability approach to the processing of personal data.

Capgemini’s BCR define indeed not only the principles with which it shall comply with when processing personal data but also specify the procedures designed to address Capgemini compliance with applicable data protection laws and in particular with the General Data Protection Regulation 2016/679 (GDPR).