GDPR Statement

TMF Group takes the privacy of its clients and employees very seriously. In order to be compliant with the upcoming General Data Protection Regulation (GDPR) requirements, TMF Group initiated a GDPR Compliance Program, such with the assistance of third party legal experts. This Program allows us to take all necessary steps in order be ready for the new privacy legislation by May 2018.

TMF Group will be complying with the GDPR both in its capacity as a Processor and Controller. TMF Group is committed to take all necessary steps to be compliant with the GDPR in time. In order to do so, we have set up a dedicated Global Privacy Team. This team is responsible for the implementation and monitoring of the GDPR Compliance Program across our global business operations.

As part of our GDPR Compliance Program, we have - in conjunction with third party legal experts - conducted a data mapping exercise and assessed our current compliance levels against the GDPR requirements. We are currently in the process of implementing all necessary actions in order to become GDPR compliant by May 2018. This includes, among others:

  • Setting up a Data Inventory for all TMF Group entities in scope;
  • Reviewing our internal and external procedures and policies (including the TMF Group Personal Data Protection Policy and Binding Corporate Rules);
  • Implementing new procedures and policies where necessary;
  • Reviewing and amending our current agreements with both our clients and suppliers to be GDPR compliant;
  • Reviewing and implementing technical and organisational (security) measures, also in line with our ISO certifications to meet compliance and regulatory requirements;
  • Update procedures to allow us to handle subject access requests in accordance with the GDPR requirements.

We are determined that, in collaboration with our clients and suppliers, we can take all necessary steps to be compliant with the GDPR by May 2018.

Please contact us at if you have any additional questions.