BearingPoint is committed to respecting and protecting the privacy and data of active and former employees as well as third parties, including but not limited to active and former clients, business partners, prospects, and applicants. To comply with statutory specifications and client requirements, data is protected by technical and organizational measures to prevent unauthorized access, data processing abuse, manipulation, and destruction of data. BearingPoint has implemented privacy management software to record the systems and attributes in which data is stored or processed, in order to demonstrate compliance with the regulations of GDPR. The company has also implemented and maintains a quality management system (QMS) aligned with its business model and its overall strategic orientation. BearingPoint’s QMS is certified according to ISO 9001:2015, and the company has implemented and maintains an information security management system (ISMS) aligned with its business model and its overall strategic orientation.
BearingPoint’s ISMS is certified according to ISO 27001:2013. Any individual who works for or on behalf of BearingPoint must be familiar with BearingPoint’s latest data protection, privacy, and information security policies and guidelines, which are available on BearingPoint’s intranet. Persons employed in data processing shall not collect, process, or use data without authorization. When taking up their duties, such persons are committed to maintaining data secrecy as stated by data protection regulations. BearingPoint has put in place an adequate organization to ensure compliance with GDPR and all other applicable data protection regulations in relation to any individual, any information system, or any business process that collects, uses, accesses, shares, stores, transfers, or destroys employees’ or third parties’ data for or on behalf of BearingPoint.
To meet the principle of segregation of duties, BearingPoint has established a Risk and Quality Management Department as well as a Group Compliance Department, to which the responsibilities for QMS, GDPR, compliance, and ISMS were delegated. All personnel acting in the field of data protection are under the supervision of BearingPoint’s chief compliance officer, who also acts as the chief information security contact.