Set your privacy preferences

We use necessary cookies to make our website work. Cookies are small files stored on your device. We also use optional cookies to improve our services and tell us if you have seen our advertising. The data we collect is anonymised. Are you happy to accept these cookies?

View cookies

This website uses cookies. Your browser currently has cookies disabled.

Skip to main content

Making workplace pensions work

Data protection services and TPR staff

FOI reference - FOI-380
Date - 9 May 2025

Request

I confirm that we hold some of the information you have requested and have set this out in the table below.

Table: TPR's responses

Reference Request Response
1.1 Is the organisation’s DPO and other staff that work on data protection compliance: (a) An internal employee (b) A DPO provided by an external service provider (c) Hybrid (internal staff with external service provider support) a - Internal employees
1.2 Where services are provided by external
providers, please share the following
information:
(a) The Company name(s)
(b) Annual spend by your organisation
(FY2022/2023 through to FY2024/2025)
(c) The highest day rate paid
(d) Contract dates (start/end/renewal terms)
(e) A brief description of the project or services
provided (for instance, project title or internal
reference)
(f) Services covered (e.g., audits, breach
management, SAR management, delivery of
DPIAs)		 N/A – no services provided by
external suppliers
2.1 What is the organisation’s, total annual
expenditure on data protection/GDPR
consultancy services?		 0
2.2 For SoW/projects which have a spend of more
than £5k), please share the following
information:
• Supplier company name
• The scope of the Project (e.g, ICO
investigation support;, DPIA support, Internal
Audit recommendation support)
• Spend
• Procurement method		 N/A
3.1 The Number of in-house data protection staff in
the organisation? (FTE)		 8 FTE
3.2 Are there any vacant roles? Yes, one role.
3.3 Where there any ICO investigations, audits, or
enforcement actions
for the period from FY2022/2023 to FY
2024/2025?		 There were no investigations,
audits or enforcement taken by
the ICO against TPR over the
period specified.
4.1 Is your organisation planning to put out to tender
for any DPO/GDPR services in the current
financial year?		 No
4.2 If yes please provide the following:
Expected timeline
Budget range
Key service requirements
Procurement method”		 N/A
Back to top