to Capgemini’s first
Integrated Report

This year, for the first time, we release digitally and in print, an Integrated Report aligned with the ‹IR› Framework as published by the International Integrated Reporting Council.

It is a key communication intended for all our stakeholders to explain who we are at Capgemini: a technology-enabled business transformation company serving global clients and a leading responsible company, using our expertise for positive impact.

Confident about the future, we believe that financial and non-financial performance are both critical to creating sustainable value for all. We would be delighted to gather your comments at integratedreporting@capgemini.com

Paul Hermelin

Chairman and CEO

Hubert Giraud

People Management and Transformation

Christine Hodgson

Corporate Social Responsibility

Rosemary Stark


en fr

Key Topics - A challenge and an opportunity

Ensuring data protection and cybersecurity

Patrick Nicolet
“Data protection and cybersecurity breaches are a major threat to a company’s reputation. Our priority is to safeguard digital assets, notably against cyberattacks and internal inadequate behavior, so we have deployed end to end security monitoring and protection tools and services. The challenge is not only about technology, it is also about business (client trust) and employees (protection of personal data).”

Patrick Nicolet

Chief Technology Officer

Global trends


represents the potential global cost of cybercrime, per year, by 2019, according to Forbes.


data records are lost or stolen every minute, according to Symantec, a cybersecurity software comp

Capgemini’s value proposition

Secure information is integral to business trust

Maria Pernas, Capgemini’s Group General Counsel, and Bernard Barbier, Capgemini’s Group Cybersecurity and Information Protection Officer, share how Capgemini addresses the challenges and seizes the opportunities related to data protection and cybersecurity.

Could you describe the challenges for our clients?

M.P. ›

First, our clients need to face enhanced expectations from their own clients who are more and more demanding regarding the processing of their personal data. Secondly, they are expected to document further their data processing and compliance – which is a new requirement for many of them, especially with the introduction of the new European General Data Protection Regulation (GDPR), which comes into effect in May 2018. Thirdly they are also expected to consider properly the legal requirements imposed by data protection legislation in their technical specifications.

B.B. ›

In 2017, large companies incurred cyberattacks. Our clients want to be protected against this cyber risk. Countries are also implementing stringent regulation to ensure that the most critical companies set up appropriate protection. Resilience against cyberattacks is becoming a major component of corporate value for investors and all stakeholders.


How do you address these challenges to safeguard your clients’ assets?

M.P. ›

We offer a privacy by design approach to our clients to ensure that their instructions regarding data protection constraints can be implemented in the services and products we offer them.

B.B. ›

Four years ago, Capgemini implemented a large cybersecurity and information protection (CySIP) program, which reflects our commitment to a high standard of data protection for the benefit of our clients and our own organization and employees. This led us to invest in new tools and technology. We have deployed worldwide employee awareness and training programs to enable everyone to take accountability of the firm’s and their own personal security. Capgemini has also structured a cybersecurity offer and is increasingly engaged with our clients to ensure their cybersecurity, leveraging our globally recognized SOC (Security Operations Centers) expertise. We will continue to invest.


How do you anticipate the new European GDPR and Network and Information Security (NIS) legislation? And what are the impacts for your organization?

M.P. ›

Capgemini articulates its GDPR approach around the implementation of the Binding Corporate Rules (BCR), which were approved by European data protection authorities back in 2016. This directs our organization to diffuse further data protection culture to ensure the actual implementation of the different procedures that we have defined under the BCR and which are key for compliance with the GDPR.

B.B. ›

The EU countries decided to boost the level of cybersecurity with the new European NIS directive, which will demand that the largest companies reach a very high level of cybersecurity. This represents a key growth opportunity for Capgemini and will also drive up our own cybersecurity level.