GDPR documentation built for complex entity structures
Trust and corporate service businesses manage personal data across hundreds of client entities, beneficial ownership registers, and cross-jurisdiction transfers. Clarium turns that complexity into a clear, auditable record.
How it works
From entity list to audit-ready RoPA in three steps
Import your entity list
Upload your client entity structure or let AI extract it from policy documents and beneficial ownership records.
Map processing across entities
Link processing activities to the entities, systems, and jurisdictions involved — across hundreds of client structures.
Export a JOIC-ready RoPA
One click generates a regulator-ready Record of Processing Activities in PDF, Excel, or UROPA JSON format.
The challenge
TCB compliance is a different problem
Standard GDPR tools assume one organisation, one register. TCBs manage data on behalf of dozens of client entities — each with its own obligations.
Entity proliferation means data flow complexity
A single client relationship can span trusts, foundations, companies, and partnerships across multiple jurisdictions. Each entity has its own processing activities — and each one needs to be documented.
Cross-jurisdiction transfers are unavoidable
Data flows between Jersey, the UK, the EU, and offshore fund jurisdictions constantly. Article 46 transfer mechanisms and adequacy decisions need to be mapped for every relevant data flow.
Beneficial ownership obligations overlap with GDPR
The Register of Beneficial Owners requires collecting personal data. That collection is a processing activity that needs to be documented, with its own legal basis, retention period, and data subject rights.
200+
client entities mapped per organisation
2 weeks
to full compliance from day one
1 click
to export for JOIC and ICO reviews
How Clarium helps
One register. Every entity. Always current.
Map entity structures as data flows
Model your client structure visually — which entity holds what data, which systems process it, and where it flows across jurisdictions. Spot gaps in your documentation before the regulator does.
Beneficial ownership processing, documented
Clarium's AI maps beneficial ownership data collection to the correct legal basis, purpose, and retention schedule. Article 30 entries generated automatically from your existing policies.
Cross-jurisdiction transfer tracking
Record the legal mechanism for every third-country transfer — SCCs, adequacy decisions, derogations. Your RoPA becomes audit evidence for both JFSC and ICO purposes.
Regulator-ready exports
Export your full RoPA as PDF, CSV, or UROPA format for JOIC reviews. One click, always reflecting the current state of your register.
From our clients
“We administer over 300 client entities. Before Clarium, keeping the GDPR register accurate was a full-time job. Now it takes one person an afternoon per quarter.”
Head of Compliance · Trust & Corporate Service Business · Jersey
FAQ
Common questions
Do trust and corporate service businesses need to maintain a GDPR Article 30 register?
Yes. Any organisation that processes personal data — including trust companies, corporate administrators, and fiduciaries — must maintain a Record of Processing Activities under Article 30 of the UK GDPR and EU GDPR. This applies regardless of size, unless the organisation has fewer than 250 employees and meets specific exemption criteria (which most TCBs do not, given the nature of the data they process).
How should we document beneficial ownership data collection under GDPR?
Beneficial ownership data collection is a processing activity that must appear in your Article 30 register. You must document the purpose (regulatory compliance with beneficial ownership legislation), the lawful basis (legal obligation), the categories of personal data collected (name, date of birth, nationality, ownership percentage), retention periods, and any third parties the data is shared with. The Register of Beneficial Owners creates ongoing GDPR obligations that are frequently absent from TCB compliance registers.
We administer data for multiple client entities — do we need a separate RoPA for each?
As a data controller for your own operations, you need one Article 30 register covering your firm's processing activities. If you also act as data processor on behalf of client entities, you must maintain a separate processor record under Article 30(2). Many TCBs operate as both controller and processor — your register should clearly distinguish between the two roles. Clarium supports both record types within a single platform.
See how a TCB achieved compliance in 2 weeks
Start your 30-day free trial. Bring your whole team from day one. No credit card required.