The EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the data protection legislation in all the countries we operate in will guide how we collect, handle, and store personal information at TCG.

Data protection legislation applies regardless of whether data is stored electronically, on paper, or on other materials. Personal information must be collected and used fairly, stored safely, and not be disclosed unlawfully.

Data protection legislation is designed to improve the privacy rights of individuals in relation to the information that organizations store about them.

TCG is committed to complying with relevant data protection legislation in every country we operate in.

Data Protection Law

Most data protection legislation is underpinned by the following six important principles, whereby personal data must be: 

• processed fairly, lawfully, and in a transparent manner in relation to individuals; 
• obtained only for specific, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; 
• adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed; 
• accurate and kept up to date; 
• held for no longer than necessary; 
• processed in a manner that ensures appropriate security of the personal data.

How will TCG ensure compliance?

At TCG, we have undertaken, or are currently in the process of undertaking, a variety of tasks to ensure that we comply. These included:

• The updating of data protection policies and procedures;
• Auditing existing processes to better understand how we use personal data, where it is stored, how secure it is, who has access to it, and what processes are used to send such data both internally and to third parties;
• The development of system changes and data cleansing;
• The roll-out of suitable training for our employees, contractors, and freelancers.

Data protection officer

To help TCG comply with data protection legislation, we have appointed a data protection officer (DPO) to oversee the development of our data protection policies and procedures and to protect the rights of individuals. The DPO sits on the Risk Committee and the TCG Business Change Board to ensure data protection is highly visible within the company.

An external data protection consultant provides specialist advice about ongoing data protection issues and helps TCG mitigate its data protection risks. The DPO reports directly to TCG’s chief financial officer.