Skip to content
Contents

Data Protection Services

Reference: 25-26037

Date response sent: 08/05/2025

Details of enquiry

  1. Current DPO arrangements

1.1. Is the organisation’s DPO and other staff that work on data protection compliance:

(a) An internal employee

(b) A DPO provided by an external service provider

(c) Hybrid (internal staff with external service provider support)

1.2. Where services are provided by external providers, please share the following information:

(a) The Company name(s)

(b) Annual spend by your organisation (FY2022/2023 through to FY2024/2025)

(c) The highest day rate paid

(d) Contract dates (start/end/renewal terms)

(e) A brief description of the project or services provided (for instance, project title or internal reference)

(f) Services covered (e.g., audits, breach management, SAR management, delivery of DPIAs)

  • ⁠ ⁠Please indicate what deliverables were produced
  • ⁠ ⁠Procurement method (e.g., open competition, framework agreement, direct award) and name of the procurement framework, if applicable.
  1. ⁠Consultancy Spend

2.1. What is the organisation’s, total annual expenditure on data protection/GDPR consultancy services?

2.2. For SoW/projects which have a spend of more than £5k), please share the following information:

  • ⁠Supplier company name
  • The scope of the Project (e.g., "ICO investigation support", DPIA support, Internal Audit recommendation support)
  • Spend
  • Procurement method
  1. Data Protection Compliance staffing

3.1. The Number of in-house data protection staff in the organisation? (FTE)

3.2. Are there any vacant roles? (Yes/No)

3.3. Where there any ICO investigations, audits, or enforcement actions for the period from FY2022/2023 to FY 2024/2025?

4. Future Plans

4.1. Is your organisation planning to put out to tender for any DPO/GDPR services in the current financial year?

4.2. If yes please provide the following:

  • Expected timeline
  • Budget range
  • Key service requirements
  • Procurement method

Response sent

  1. Current DPO arrangements

1.1. Is the organisation’s DPO and other staff that work on data protection compliance:

a. An internal employee

No

b. A DPO provided by an external service provider

Yes

c. Hybrid (internal staff with external service provider support)

No

1.2. Where services are provided by external providers, please share the following information:

a. The Company name(s)

Blue Pelican Consulting Ltd

b. Annual spend by your organisation (FY2022/2023 through to FY2024/2025)

Contract spend is as follows:

15/4/24 to 14/4/25     £121,125 Excl VAT

14/10/23 to 14/4/24     £59,375 Excl VAT

12/2/22 to 12/10/23     £120, 650 Excl VAT

c. The highest day rate paid

£475

d. Contract dates (start/end/renewal terms)

See our response to Q1.2(b) above

e. A brief description of the project or services provided (for instance, project title or internal reference)

To manage all aspects of the Trust’s Information Governance function.

f. Services covered (e.g., audits, breach management, SAR management, delivery of DPIAs)

Management of the whole Information Governance Function and all related tasks and issues.

  • ⁠Please indicate what deliverables were produced

Agreed monthly deliverables

  • Procurement method (e.g., open competition, framework agreement, direct award) and name of the procurement framework, if applicable.

Framework agreement RM1557

  1. ⁠Consultancy Spend

2.1. What is the organisation’s, total annual expenditure on data protection/GDPR consultancy services?

See our response to Q1.2(e) above.

2.2. For SoW/projects which have a spend of more than £5k), please share the following information:

Not applicable.

  • The scope of the Project (e.g., "ICO investigation support", DPIA support, Internal Audit recommendation support)

Not applicable.

  • Spend

Not applicable.

  • Procurement method

Not applicable.

  1. Data Protection Compliance staffing

3.1. The Number of in-house data protection staff in the organisation? (FTE)

None.

3.2. Are there any vacant roles? (Yes/No)

No

3.3. Where there any ICO investigations, audits, or enforcement actions for the period from FY2022/2023 to FY 2024/2025?

There were no IG investigations, audits or enforcement actions during this period.

  1. Future Plans

4.1. Is your organisation planning to put out to tender for any DPO/GDPR services in the current financial year?

The Trust does not hold any information on future IG Strategies or future IG delivery models.

Please note that the Trust is currently exploring a merger by acquisition with another organisation. This is further explained on our website: Tavistock and Portman NHS Foundation Trust merger update

 

Back to top