The Consultancy Group
  • Insight
  • Events
Talk to Us

Strategy & Consulting

Design the direction
  • In-house Strategy
  • Value Creation
  • Performance Improvement
  • Transaction Services
Explore Strategy & Consulting →

Finance & Tax

Align the numbers
  • First CFO hire
  • PE entry & exit
  • Finance through M&A
  • Senior tax leadership
Explore Finance & Tax →

Transformation

Execute the change
  • ERP & systems leadership
  • Operating model redesign
  • Post-acquisition integration
  • AI & automation programmes
Explore Transformation →

For Clients

Hiring senior talent

Tell us about the search

  • Start a Mandate →
  • How We Work
  • Recent Mandates
  • Meet the Practice Leads

For Candidates

Exploring your next move

Confidential · No obligation

  • Register Your Interest →
  • Strategy Roles
  • Finance Roles
  • Tax Roles
  • Transformation Roles

For Future Colleagues

Joining the firm

We hire rarely, deliberately

  • Join the Team →
  • Who We Are
  • Our People
  • In Their Own Words

Strat Journeys

For strategy & consulting leaders
  • Leadership interviews
  • Market intelligence
  • Strategy jobs
Visit ↗

Finance Journeys

For CFOs & finance leaders
  • CFO interviews
  • Salary guides
  • Finance jobs
Visit ↗

Tax Journeys

For in-house & practice tax leaders
  • Tax leadership insights
  • Salary benchmarks
  • Tax jobs
Visit ↗

Transformation Journeys

For programme & change leaders
  • Programme insights
  • Digital & ERP
  • Transformation jobs
Visit ↗
What We Do
Strategy & Consulting Design the direction Finance & Tax Align the numbers Transformation Execute the change
For You

For Clients

Start a Mandate How We Work Recent Mandates Meet the Practice Leads

For Candidates

Register Your Interest Strategy Roles Finance Roles Tax Roles Transformation Roles

For Future Colleagues

Join the Team Who We Are Our People In Their Own Words
Insight Events
Our Communities
Strat Journeys ↗ For strategy & consulting leaders Finance Journeys ↗ For CFOs & finance leaders Tax Journeys ↗ For in-house & practice tax leaders Transformation Journeys ↗ For programme & change leaders
Talk to Us

Legal

  • Privacy Statement
  • Cookie Policy
  • GDPR Compliance
  • Terms of Use

Questions?

Christian Pampellonne
Data Protection Officer
Home / Legal / GDPR Compliance

GDPR Compliance

How we meet our obligations under UK GDPR as a specialist talent advisory and executive search firm handling candidate and client data.

Last Updated 21 April 2026

The Consultancy Group is a data controller registered with the UK Information Commissioner's Office. We handle personal data in accordance with UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

What is UK GDPR?

The UK General Data Protection Regulation (UK GDPR) is the UK's framework for the protection of personal data, implemented alongside the Data Protection Act 2018. It sets out how organisations must collect, process, store, and share personal data — and the rights individuals have in respect of their own data.

For a firm like ours, where trust is central to the service we provide, compliance is not a box-ticking exercise. It is inseparable from the way we work with candidates and clients.

Our role as a data controller

In most of our processing activity, TCG acts as a data controller — we determine the purposes for which and the means by which personal data is processed. This includes personal data about:

  • Candidates who have registered with us, applied for a role, or been contacted by our consultants as part of a search
  • Client contacts at organisations we provide services to
  • Wider professional contacts across our markets

Where we use third-party services to support our work (such as email, CRM, and cloud storage), those providers act as data processors, operating under written data processing agreements.

The principles we apply

Lawful, fair and transparent processing

We identify a lawful basis for every processing activity — most commonly legitimate interests (running our search business), performance of a contract, or explicit consent. We are clear with candidates and clients about why we hold their data and what we do with it, as set out in our Privacy Statement.

Purpose limitation

We use personal data for the purposes it was collected — delivering talent advisory services, introducing candidates to clients, and maintaining long-term professional relationships. We do not repurpose data for unrelated activities.

Data minimisation

We collect only the personal data we need to do our work — typically what a CV, an initial conversation, and a role brief require. We do not ask for special category data (such as health, ethnicity, or political information) and we will not retain it if it is incidentally supplied.

Accuracy

Candidate details change regularly — roles, employers, locations, preferences. We encourage everyone registered with us to keep their information up to date, and we act promptly on requests for rectification.

Storage limitation

We retain personal data for as long as it is genuinely useful to the work we do with you, and no longer. Retention periods are set out in our Privacy Statement. You may request deletion at any time.

Integrity and confidentiality

We apply technical and organisational measures appropriate to the sensitivity of the data we hold — encrypted data transmission, access controls, least-privilege permissions, vendor review, and staff training. Senior hiring is frequently sensitive on both sides; confidentiality is non-negotiable.

Accountability

We can demonstrate our compliance. We maintain records of processing activity, have a named Data Protection Officer, review our processors regularly, and respond to subject access and related requests within the statutory timeframe.

Rights under UK GDPR

As a data subject, you have the following rights in respect of your personal data:

  • Right to be informed — to know what data we hold, why, and how long we will keep it
  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to have inaccurate data corrected
  • Right to erasure — to have your data deleted, subject to overriding legal obligations
  • Right to restrict processing — to limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a portable format
  • Right to object — to object to processing based on legitimate interests, including any direct marketing
  • Rights in relation to automated decision-making — we do not use personal data for automated decision-making that produces legal or similarly significant effects

To exercise any of these rights, contact Christian Pampellonne at the details below. We will acknowledge your request within five working days and respond fully within one month.

Sensitive processing: candidate confidentiality

Executive search frequently involves personal data in sensitive contexts — a CEO exploring options while still in role, a CFO under NDA ahead of a deal, a Head of Strategy whose direct team cannot yet know. We treat every conversation as confidential by default. Specifically:

  • We do not share candidate information with any client without the candidate's prior agreement, and we confirm that agreement before submission.
  • Internal access to candidate profiles is limited to the consultants working a specific mandate.
  • We decline to disclose which candidates we are speaking to, or about, to anyone outside the specific mandate in question.

International transfers

We place talent across the UK, Europe and the US. Where personal data is transferred outside the UK or European Economic Area, we rely on an appropriate safeguard — adequacy decisions, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses — to ensure equivalent protection.

Data breach response

In the unlikely event of a personal data breach, we follow the procedure set out by the ICO. Where a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the ICO within 72 hours. Where the risk is high, we will notify affected individuals directly without undue delay.

Questions or complaints

Data Protection Officer

Christian Pampellonne

The Consultancy Group

4–6 Throgmorton Avenue, London EC2N 2DL

Email: christian@consultancygroup.com

If you are not satisfied with how we have handled your personal data or a data-related request, you also have the right to complain to the UK supervisory authority:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Website: ico.org.uk

The Consultancy Group

Talent Advisory for organisations navigating serious change. Building Finance, Tax, Strategy and Transformation leadership since 2014.

Practice

  • Strategy
  • Finance & Tax
  • Transformation
  • Our Work

TCG

  • Who We Are
  • What We Do
  • Our People
  • Join the Team

Connect

  • Insight
  • Jobs
  • Events
  • Talk to Us

Ecosystem

  • Finance Journeys
  • Tax Journeys
  • Strat Journeys
  • Transformation Journeys

© 2026 The Consultancy Group. All rights reserved.

Privacy Cookies GDPR Terms