Annual completion of DSP Toolkit (21st October 2019)

Explanation of the annual requirement to complete the Data Security and Protection Toolkit.

Annual completion of DSP Toolkit

The Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that allows organisations that process health and care data to measure their performance against the National Data Guardian’s 10 data security standards.

Health and care organisations that have access to NHS Patient Data and Systems should complete a Data Security and Protection Toolkit self-assessment every year against the standard.  Information on the standard for 2019-2020 is available here:


Over 27,500 organisations published their 2018-19 assessment and so far over 1,700 have already published their 2019-2020 assessment.

Publishing an annual DSP Toolkit self-assessment will help you demonstrate your GDPR and Cyber maturity and your NHS contractual obligations.


What to do now

Please log in to your DSP Toolkit account and start working on your assessment for 2019-20. You can publish your assessment as soon as you have completed all of the mandatory evidence items – you do not have to wait until the end of the financial year. If your evidence changes you can review and republish your assessment at any time.


If you completed an assessment for 2018-19, where evidence items are not changed for 2019-20, existing responses have been carried forward to your new toolkit. You should review and confirm these as well as working on any new/changed evidence items. Your self-assessment should be completed and published by 31 March 2020.



If you have any questions or require help with your assessment, then please Contact us

Guidance materials are available through the Help pages.