FOI reference - FOI-380
Date - 9 May 2025
Request
I confirm that we hold some of the information you have requested and have set this out in the table below.
| Reference | Request | Response |
| 1.1 | Is the organisation’s DPO and other staff that work on data protection compliance: (a) An internal employee (b) A DPO provided by an external service provider (c) Hybrid (internal staff with external service provider support) | a - Internal employees |
| 1.2 | Where services are provided by external providers, please share the following information: (a) The Company name(s) (b) Annual spend by your organisation (FY2022/2023 through to FY2024/2025) (c) The highest day rate paid (d) Contract dates (start/end/renewal terms) (e) A brief description of the project or services provided (for instance, project title or internal reference) (f) Services covered (e.g., audits, breach management, SAR management, delivery of DPIAs) |
N/A – no services provided by external suppliers |
| 2.1 | What is the organisation’s, total annual expenditure on data protection/GDPR consultancy services? |
0 |
| 2.2 | For SoW/projects which have a spend of more than £5k), please share the following information: • Supplier company name • The scope of the Project (e.g, ICO investigation support;, DPIA support, Internal Audit recommendation support) • Spend • Procurement method |
N/A |
| 3.1 | The Number of in-house data protection staff in the organisation? (FTE) |
8 FTE |
| 3.2 | Are there any vacant roles? | Yes, one role. |
| 3.3 | Where there any ICO investigations, audits, or enforcement actions for the period from FY2022/2023 to FY 2024/2025? |
There were no investigations, audits or enforcement taken by the ICO against TPR over the period specified. |
| 4.1 | Is your organisation planning to put out to tender for any DPO/GDPR services in the current financial year? |
No |
| 4.2 | If yes please provide the following: Expected timeline Budget range Key service requirements Procurement method” |
N/A |