Skip to Content

Cybersecurity and data protection

Protecting our company, our employees, and our clients.

As a leader in the digital industry, we take seriously our responsibility to create a trusted environment across our entire ecosystem. We believe that a comprehensive and constantly improving cybersecurity and data protection model will foster an increasingly valuable, yet elusive, asset: digital trust.

We are committed to protecting all data entrusted to us and defending our business against cyberattacks. Our cybersecurity and data protection teams enforce data breach and security incident management policies and ensure effective implementation of data, infrastructure, and identity protection obligations. This includes mandatory training programs for colleagues on how to prevent and respond to data breaches and incidents.

Our CERT services

Our Computer Emergency Response Team (CERT) collaborates with our Security Operations Center (SOC) teams to establish detection rules and coordinate responses in line with an established framework:

Computer emergency response team

The Computer Emergency Response Team (CERT) is responsible for preventing threats and intervening in security incidents impacting Capgemini.

If you have any concerns or want to report an issue, please get in touch using the details below:

– PGP key: 0x973d58b0c454b4ee
– Phone number: +33 (0)7 64 54 24 53

Send us an emailDownload RFC2350

How we operate

Data protection

Our Binding Corporate Rules (BCRs) are the foundation of our data protection program, setting out our commitment to securing personal data and complying with data protection laws.

First approved by the European Data Protection Authorities in March 2016, and updated in 2019 to meet the requirements of GDPR, they ensure continuous improvement in data protection processes across our entire organization.

Furthermore, our approach to ‘privacy by design’ means that data privacy measures are embedded throughout all data processing phases to ensure compliant and secure data collection, transmission, and storage


Our board-sponsored cybersecurity strategy, in place since 2014, is focused on: managing internal and external threats; establishing trust mechanisms within our ecosystem and across our organization; and complying with legal requirements and security standards (with ISO 27001 as a baseline). Each month, we produce incident dashboards and a cyber risk scorecard covering 16 items on technology, human factors, external risks, suppliers, compliance, and policy enforcement.

Our corporate cybersecurity governance ensures a consistent approach built on architecture, and policies aligned with international standards, client practices, and market trends. It helps to develop supply chain security across all stakeholders, including employees, business units, clients, suppliers and partners.

Our communities

Internal cybersecurity and data protection communities are a critical component of our operating model that work together on protecting our company, employees, and clients.

The cybersecurity community includes the Group Cybersecurity Officer and team, and Chief Information Security Officers in all global business lines, business units and countries.

The data protection community includes the Group, Regional, and Local Data Protection Officers. In addition, Data Protection Champions are appointed to represent each Group function and global business line.

Protecting our clients

We bring together a business-focused approach, sector-specific expertise, advanced technology, and thousands of skilled professionals to deliver an end-to-end portfolio of cybersecurity services to our clients.