The Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that enables organisations to measure and demonstrate how well they meet the National Data Guardian’s 10 Data Security Standards.
Depending on the organisation’s category, the DSPT may also incorporate the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF). Together, these frameworks assess how effectively an organisation protects patient information and manages data security risks.
Completion of the DSPT is mandatory for any organisation that accesses NHS patient data or NHS systems. It must be completed annually, and compliance maintained throughout the year.
The DSPT provides assurance to NHS England and the wider health and social care system that organisations handle data safely, meet legal obligations under the UK GDPR and Data Protection Act 2018, and manage cyber security risks responsibly.
