Tube strikes 7-12 September. If you can’t to attend an appointment, please contact the relevant service.
FOI/2025/26/033
Read more about this page below
| Reference | FOI/2025/26/033 |
|---|---|
| Description | Data Protection Services |
| Date requested | 24/04/2025 |
| Attachments | N/A |
Request
Under the Freedom of Information Act 2000, please provide the following information about your procurement of any
(i) external Data Protection Officer (DPO),
(ii) Data protection GDPR compliance services for the period FY2022-23 to FY2024-25:
1. Current DPO arrangements
1.1 Is the organisation’s DPO and other staff that work on data protection
compliance:
(a) An internal employee
(b) A DPO provided by an external service provider
(c) Hybrid (internal staff with external service provider support)
1.2 Where services are provided by external providers, please share the following information: N/A, please see response to 1 above.
(a) The Company name(s)
(b) Annual spend by your organisation (FY2022/2023 through to
FY2024/2025)
(c) The highest day rate paid
(d) Contract dates (start/end/renewal terms)
(e) A brief description of the project or services provided (for instance, project title or internal reference)
(f) Services covered (e.g., audits, breach management, SAR management, delivery of DPIAs) • Please indicate what deliverables were produced • Procurement method (e.g., open competition, framework agreement, direct
award) and name of the procurement framework, if applicable.
2. Consultancy N/A, please see response to 1 above.
2.1 What is the organisation’s, total annual expenditure on data protection/GDPR consultancy services?
2.2 For SoW/projects which have a spend of more than £5k), please share the following information:
• Supplier company name
• The scope of the Project (e.g., "ICO investigation support", DPIA support, Internal Audit recommendation support) • Spend • Procurement method 3. Data Protection Compliance staffing
3.1 The Number of in-house data protection staff in the organisation?
The Information Governance team comprises of 7 members of staff with varied skills. These include a Records Manager and a team administration staff who support the information governance team.
3.2 Are there any vacant roles? (Yes) this is an administration role.
3.3 Where there any ICO investigations, audits, or enforcement actions for the period from FY2022/2023 to FY 2024/2025? There were investigations in for the period from FY2022/2023 to FY 2024/2025 which the ICO closed with no action required of the Trust.
4. Future Plans
4.1 Is your organisation planning to put out to tender for any DPO/GDPR services in the current financial year? No
4.2 If yes please provide the following: N/A please see response in 4.1 above.
Expected timeline
Budget range
Key service requirements
Procurement method