Under the Freedom of Information Act 2000, please provide the following information about your procurement of any:
(i) external Data Protection Officer (DPO)
(ii) Data protection GDPR compliance services for the period FY2022-23 to FY2024-25.
1. Current DPO arrangements
1.1 Is the organisation’s DPO and other staff that work on data Protection compliance:
An internal employee
Yes the DPO is an internal employee, all other staff working on data protection compliance are internal employees with the addition of 1fte agency staff working on Subject Access Requests
A DPO provided by an external service provider
No, our Data Protection Officer is an employee of the council.
Hybrid (internal staff with external service provider support)
No, Devon County Council does not commission any third parties to support the delivery of any of the functions carried out by the Data Protection Officer.
1.2 Where services are provided by external providers, please share the following information.
The Company name(s)
Not apllicable as Devon County Council does not commission any third parties to support the delivery of any of the functions carried out by the Data Protection Officer.
Annual spend by your organisation (FY2022/2023 through to FY2024/2025)
Not applicable as Devon County Council does not commission any third parties to support the delivery of any of the functions carried out by the Data Protection Officer.
The highest day rate paid
Not applicable as Devon County Council does not commission any third parties to support the delivery of any of the functions carried out by the Data Protection Officer.
Contract dates (start/end/renewal terms)
Not applicable as Devon County Council does not commission any third parties to support the delivery of any of the functions carried out by the Data Protection Officer.
(e) A brief description of the project or services provided (for instance, project title or internal reference)
Not applicable as Devon County Council does not commission any third parties to support the delivery of any of the functions carried out by the Data Protection Officer.
(f) Services covered (e.g., audits, breach management, SAR management, Delivery of DPIAs)
– Please indicate what deliverables were produced
– Procurement method (e.g., open competition, framework agreement, direct award) and name of the procurement framework, if applicable.
Not applicable as Devon County Council does not commission any third parties to support the delivery of any of the functions carried out by the Data Protection Officer.
2. Consultancy Spend
2.1 What is the organisation’s, total annual expenditure on data protection/GDPR consultancy services?
Nil
2.2 For SoW/projects which have a spend of more than £5k), please share the following information:
– Supplier company name
– The scope of the Project (e.g., “ICO investigation support”,
DPIA support, Internal Audit recommendation support)
– Spend
– Procurement method
Not applicable as Devon County Council does not commission any third parties to support the delivery of any of the functions carried out by the Data Protection Officer.
3. Data Protection Compliance staffing
3.1 The Number of in-house data protection staff in the organisation? (FTE)
3 staff working on data protection compliance and 8.2fte staff working on Subject Access Requests and Freedom of Information requests
3.2 Are there any vacant roles? (Yes/No)
No
3.3 Where there any ICO investigations, audits, or enforcement actions for the period from FY2022/2023 to FY2024/2025?
Devon County Council have cooperated with the Information Commissioner’s Office on a number of investigations into data protection breaches. We have not been the subject of any enforcement action by the ICO under data protection legislation during this period.
4. Future Plans
4.1 Is your organisation planning to put out to tender for any DPO/GDPR services in the current financial year?
This information is not held, as there are no current documented plans to commission services in this area.
4.2 If yes please provide the following:
Expected timeline
Budget range
Key service requirements
Procurement method
Not applicable as Devon County Council is not planning to commission services in this area.