Data Protection Policy

Capgemini is committed to protecting the privacy of its clients, employees and partners. In order to do so, Capgemini has adopted Binding Corporate Rules (BCR) as its global data protection policy.

Capgemini BCR apply to all Capgemini entities and their employees, ensuring a strong standard of protection for all personal data processed by Capgemini, whether on its own behalf or on behalf of its clients. Capgemini BCR include both its EU and UK BCRs.

In addition to being Capgemini’s global data protection policy, BCR allow Capgemini to safely transfer personal data among entities of the Group, in compliance with the EU General Data Protection Regulation (GDPR) and UK General Data Protection Regulation (UK GDPR).

Capgemini EU Binding Corporate Rules (EU BCR) for Controller & Processor activities were initially approved by the European Data Protection Authorities in March 2016 and subsequently updated in January 2019 to comply with the General Data Protection Regulation (GDPR).

Capgemini EU BCR for Processor activities were last updated in April 2023 to align with additional obligations stemming from the so-called Schrems II decision.

Capgemini EU BCR for Controller activities were last updated in April 2025 to comply with the updated European Data Protection Board (EDPB) requirements.

These updates were reviewed and approved by the European data protection authorities as required.

Capgemini is actively collaborating with the CNIL, as its lead data protection authority, to ensure its EU BCRs are kept up to date and comply with the latest requirements from the EDPB.

Capgemini UK Binding Corporate Rules (UK BCR) for Controller & Processor activities were approved in March 2022 by the ICO, the UK Data Protection Authority, following Brexit.

Our objective

As part of our Environmental, Social and Governance policy, we have set ourselves the objective to:

Embed data protection into our culture, operations and clients’ delivery.