The deadline for the Data Security and Protection Toolkit (DSPT) was at the end of June this year and we know from experience – our own submission included – that this takes a lot of dedicated work, often from many members of your team.  

Well done to all who have recently completed submissions and provided that reassurance on your data protection measures meeting the required levels.

All organisations with access to NHS records must complete the DSPT, to prove they are compliant with the legislation and have suitable arrangements in place to keep the data they use, hold and share secure. It is a contractual requirement specified in the NHS England Standard Conditions contract and the toolkit requirements differ depending on organisation type.

Organisations using national systems such as NHSmail and the e-referral service are also required to complete the DSPT. Social care organisations are able to complete elements of the toolkit to ‘approaching standards’ level, stating progress is being made but are not quite ready to be ‘standards met’.

All other organisations should aim for their assessment to be ‘standards met’ in all areas.  Organisations with cyber essentials PLUS certification will be given the ‘standards exceeded’.   

Our team have extensive experience in completing the DSPT, both for our clients and in submitting our own self-assessments. If we can offer any guidance, run an audit prior to submission or check your content follows the required framework, please get in touch.