General counsel, ethics, compliance officer and data protection officer North Latam | Capgemini
José Eduardo Salgado Villegas
General counsel, ethics, compliance officer and data protection officer North Latam | Capgemini
How do you approach managing legal aspects during periods of instability or crises, and how does your legal strategy align with the broader business strategy to ensure the organisation’s resilience?
Managing legal aspects during periods of instability or crises requires a proactive and strategic approach. My focus is on safeguarding the organisation’s interests while ensuring compliance with relevant laws and regulations. During such times, I prioritise clear and timely communication with the leadership team to provide sound legal advice and risk assessments, helping them make informed decisions.
To align the legal strategy with the broader business strategy, I work closely with members of the executive committee to better understand their respective key objectives and challenges. This collaboration allows me to tailor legal responses that not only address immediate issues but also support long-term goals taking into consideration legal costs, needs and resources. By integrating legal considerations into the overall strategic planning, we can mitigate risks, protect our assets, and maintain operational continuity.
Furthermore, I emphasise flexibility and adaptability within the legal team, ensuring that we can respond quickly to changing circumstances. This includes staying informed about emerging legal trends and potential regulatory changes that could impact the organization. By doing so, we contribute to the organization’s resilience, helping to navigate crises effectively while positioning the company for future success.
What are the main cases or transactions you have been involved in recently?
Because of confidentiality restrictions, I cannot mention clients or projects names. However, I can mention that recently we closed three multimillion dollar contracts with some of Mexico’s most important banks and insurance companies involving complex cloud migration of such institutions’ platforms and databases, which will enable them to optimise their operations and enhance their digital services. These projects involve significant strategic planning and technical execution, ensuring seamless transitions to cloud environments while maintaining stringent security and compliance standards. Our work in these areas has enabled these institutions to improve scalability, reduce operational costs, and offer more robust and flexible digital solutions to their customers. By leveraging advanced technologies and best practices, we help our clients stay competitive in an increasingly digital financial landscape.
We have also been involved in a technology services transaction that require us to provide services in export control-sensitive countries, which required to conduct a very thorough analysis from a technological standpoint to determine if the company was allowed to provide such services. Said analysis included a comprehensive review of relevant export control regulations, including the identification of any restricted technologies and the classification of the services under applicable export control laws. We assessed the legal implications and compliance requirements, considering both local and international regulations.
Additionally, we evaluated the potential end-users and end-uses of the services to ensure compliance with prohibitions or restrictions on dealings with certain entities or for specific purposes. This involved due diligence on clients and partners, as well as understanding the specific nature of the services provided.
We also consulted with regulatory experts and, where necessary, obtained necessary licenses or authorisations from the appropriate government authorities. The analysis included coordinating with our internal legal, compliance, and technical teams to establish protocols and safeguards to ensure compliance throughout the project. This thorough approach allowed us to mitigate legal risks and ensure that all activities were conducted within the bounds of applicable laws and regulations.
What strategies do you employ to ensure the successful digital transformation of a legal department while maintaining compliance with Mexico’s data protection laws?
As general counsel, ensuring the successful digital transformation of a legal department while maintaining compliance with Mexico’s data protection laws involves a multi-faceted strategy. The key elements of this strategy include:
Comprehensive assessment and planning: Capgemini has conducted a thorough assessment of our current systems, processes, and data flows from a Global point of view. The assessment was then carried out in each country from a local data protection officer perspective. This included identifying sensitive information and understanding how it was handled, stored, and transmitted. Based on this assessment, we developed a clear digital transformation roadmap that aligned with the chief data protection officer’s goals, Capgemini’s binding corporate rules and the company’s broader business objectives.
Data protection and compliance framework: a critical aspect of digital transformation is ensuring compliance with Mexico’s federal law on the protection of personal data held by private parties (LFPDPPP). We establish a robust data protection framework that includes implementing appropriate technical and organisational measures to safeguard personal data. This includes data encryption, access controls, and regular audits to client accounts, suppliers and different departments to ensure compliance with legal requirements.
Technology and vendor selection: we carefully select technology solutions and vendors that prioritize data security and compliance. This includes conducting a Data Privacy Impact Assessment to ensue that suppliers adhere to strict data protection standards and comply with applicable laws. We negotiate contracts that include comprehensive data protection clauses and conduct due diligence to verify compliance.
Training and awareness: to successfully implement digital transformation, it is essential to foster a culture of compliance and data protection within the legal department. Capgemini provides ongoing training and awareness programs for all Capgemini employees to ensure they understand the importance of data protection, the specific legal requirements applicable to Capgemini by the GDPR and Mexican laws, and how to use new technologies securely.
Continuous monitoring and adaptation: the legal landscape and technology environment are constantly evolving. We establish processes for continuous monitoring of regulatory changes and technological advancements. This allows us to adapt our strategies and systems promptly, ensuring ongoing compliance and leveraging new opportunities for efficiency and innovation.
Collaboration with IT and security teams: close collaboration with our group IT and cybersecurity teams is crucial. We work together to implement and maintain secure digital infrastructures, develop incident response plans, and conduct regular security assessments to identify and mitigate potential risks.
By integrating these strategies, we ensure that the digital transformation of the legal department is not only successful but also compliant with our BCRs and Mexico’s data protection laws. This approach enables us to enhance efficiency, improve data management, and support the organisation’s overall digital initiatives while safeguarding the privacy and security of sensitive information.
General counsel, ethics and compliance and data protection officer North Latin America | Capgemini
General counsel, ethics and compliance and data protection officer North Latin America | Capgemini