Team size: Six

Career Biography

Yao Lu is a distinguished legal leader with 20 years of cross-cultural and cross-jurisdictional experience, currently serving as General Counsel and Ethics & Compliance Officer of Capgemini China. With a strong educational background from Peking University and French institutions, she possesses deep expertise in multinational legal frameworks and compliance practices.

Throughout her career, Ms. Lu has demonstrated exceptional capability in driving legal excellence across diverse sectors including IT consulting, internet, fintech, and infrastructure. At Capgemini, she transformed the legal function into a strategic business partner, leading a cross-disciplinary team that supports 11 companies across 7 business lines. Her notable achievements include leading the integration of a multi-billion dollar cross-border acquisition and maintaining a 100% success rate in major litigation cases, recovering over ¥30 million in economic losses.

Her expertise extends to comprehensive compliance system development, having built robust frameworks for data classification, cross-border data transfer management, and other critical compliance areas. She has successfully handled complex regulatory challenges. Her strategic approach to risk management has consistently delivered measurable business value while ensuring full regulatory compliance.

Earlier in her career, she held senior legal positions at Himalaya Technology, where she led significant financing rounds, established compliance systems meeting NYSE and HKEX standards, and managed complex cross-border legal matters. Her background in prestigious law firms, including Beijing Tianyuan Law Firm and Gide Loyrette Nouel, further solidified her expertise in M&A, IPO, and cross-border transactions.

Recognized as a high-potential leader, Ms. Lu was selected for Capgemini’s exclusive 9-month Pace Setters executive training program. Her career exemplifies the evolution of a legal professional who consistently delivers strategic value while building high-performing teams capable of supporting business growth in complex regulatory environments.

What strategies do you employ to ensure the successful digital transformation of a legal department while maintaining compliance with your country’s data protection laws? 

In our daily operations, we utilise a variety of systems developed by the group to manage routine tasks, including project approval and contract review tools, litigation management tool, speak-up tool, and COI declaration tool, etc. Additionally, we employ AI solutions such as Copilot to assist us in reviewing contracts, extracting key points, generating meeting minutes, and searching for important emails. All these tools are uniformly procured by the group from foreign suppliers with their servers located overseas, which raises concerns regarding cross-border data issues.

To address these challenges, we have engaged external legal counsel to conduct a comprehensive security assessment of the data security measures across all systems utilised by our back office. Based on the findings from this assessment, we have taken steps to rectify identified vulnerabilities and have drafted a series of internal policies, operational manuals, and even AI ethics guidelines. Furthermore, we have established processes and solutions for managing potential data breaches.

We have also entered into a data export processing agreement with our parent company concerning data exports and ensured compliance with Chinese laws and regulations through proper filing procedures. With the establishment of a robust data classification and grading system within our organisation, we have further categorised personal information alongside enterprise confidential information and customer-related information.

I have appointed a member from the legal department who received specialised training to become our Data Protection Officer (DPO), responsible for overseeing data compliance. This review process is not only applicable to support functions but also extends to conducting risk assessments related to data processing in business operations. The DPO is also responsible for overseeing and monitoring all procedures and systems within the organisation that involve personal data. This oversight is conducted through a systematic IT tool, ensuring compliance with relevant regulations.

AI has been taken seriously as a potentially revolutionary technological change in the legal world for a number of years now. Has it had a meaningful impact in how your legal team works in this time?

Yes, I have been actively promoting the integration of AI tools into my legal practice. My team is likely the first legal department to allocate Copilot licenses to all legal staff and has undergone systematic training from Microsoft, thereby mastering practical applications of AI in contract review, legal research, document generation, and other relevant scenarios.

Currently, we are exploring practical pathways for utilising AI Agents to automate processes and provide intelligent decision support. As a leading IT service enterprise, Capgemini group consistently advocates for technological innovation and encourages the legal team to adopt advanced tools that systematically enhance work efficiency and quality.

Capgemini’s legal department has established a regular knowledge-sharing platform: legal counsels located around the globe share effective prompt design strategies through a collaborative platform and produce clear instructional videos demonstrating optimisation solutions for AI tools in daily legal operations. We frequently draw inspiration from colleagues’ experiences in other regions, localising and integrating applicable innovative practices into our workflows.

Leveraging our group’s extensive expertise and technological advantages in digital transformation, the Capgemini legal team stands at the forefront of industry exploration regarding intelligent tool applications.