We use cookies to make this site work. We'd also like to set optional cookies so we can understand how the site is used and improve it. We will not set optional cookies unless you accept them. You can change your choice at any time from the Cookie settings link in the footer.
Strictly necessary cookies
These cookies are required for the site to work. They store your cookie preferences and keep your session secure. They are exempt from consent under PECR Regulation 6(4) because they are essential to deliver the service you have requested.
Optional cookies
Optional cookies help us understand how the site is used and provide additional features such as analytics, accessibility tools and translation. We will only set them if you accept.
Data Security & Protection Tool Kit
Data Security and Protection Tool Kit (DSPT)
This is an online self-assessment tool that allows organisations that process health and care data to measure their performance against National Data Guardian’s 10 data security standards. These security standards have been essential in protecting patient information by encouraging a focus on three key areas: people, process and technology.
In September 2024 NHSE and NDG announced a transition from these NDG 10 to the Nation Cyber Security Centres Cyber Assessment Framework (CAF) due to the rapidly changing landscape of technology and the heighten risks of cyber threats required more advanced approaches with CAF provides. This is a new change, and we are awaiting notification from NHSE on our transition date.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security, and that personal information is handled correctly.
The new incident reporting tool reflects the new reporting requirements of the General Data Protection Regulation (GDPR), and for relevant organisations the Networks and Information System (NIS) Regulations.
Breaches must be notified to the Information Commissioners Office without undue delay, the requirement is with 72 hours.