Technical issues and question formats

A quick guide to the format of DSPT questions and how many you need to answer.

DSPT compliance levels and questions

There are three levels that you can reach on DSPT. You should aim to reach at least Standards Met.

  • Approaching Standards: If you are unable to reach Standards Met the first time you complete the DSPT, you can get to Approaching Standards by answering 26 required questions. This is a one-off temporary step. 
  • Standards Met: All care providers should aim to reach compliance level ‘Standards Met’ on the DSPT. This is the standard you need in order to demonstrate to others that you are meeting good data protection standards. It involves answering 42 questions which demonstrate your adherence to data security legislation. 
  • Standards Exceeded: This standard shows that you have gone beyond legal requirements. You must have Cyber Essentials Plus in place to reach Standards Exceeded, but you do not need to answer any of the non-mandatory questions. There are ‘Big Picture Guides’  which include more detail and background on the DSPT and advice about how to answer the non-mandatory questions.

 

Question formats and how to answer them 

Evidence items are numbered and organised under four headings:  

  • Staffing and roles  
  • Policies and procedures  
  • Data security   
  • IT systems and devices  

There is no specific order to completing the DSPT. You can start anywhere and move back and forth between the evidence items. The system will autosave at regular intervals. 

If you have entered an answer and saved it, the word ‘COMPLETED’ will appear in the final column next to each question so you can keep track of which questions you still have left to complete. 

Under each section there are several questions or “evidence items”. Depending on the type of question, you will be asked to either upload a document, or write some text to answer the question or state what date something happened, or just tick a box to confirm that your organisation does something (like provide induction training to all new staff). To complete a question, you click on the blue writing. You can then see the best practice advice.

There are three different formats for the questions. 

Question format 1 – Tick to confirm 

You must put a tick in the box in the top, left-hand corner to confirm that you meet this standard.  We also strongly recommend that you put at least some supporting information in the Comments (optional) box so anyone else looking at your toolkit in the future knows where to find any supporting documentation – it may not be you completing the toolkit in a future year or anything else that you might find useful to know for when you next review the question.

Question format 2 – Text box 

Write your answer in the top text box. You can also enter text in the Comments (optional) box if you wish to do so, but this does not count as your answer.    If you only enter text in the Comments box and click ‘Save’, it will not show as completed and will prevent you from being able to publish the toolkit.

Question format 3 – Upload a document 

You must answer this question type by selecting one of the four blue links. You can do one of the following:

  • Upload a document OR
  • Reference an existing uploaded document – this means refer to another document already uploaded to the Toolkit OR
  • Specify a link to a document – insert a link to where the document is stored on your organisation’s website or intranet OR
  • Enter text describing the document’s location – write in the text box where the document is stored in your organisation’s system. Give sufficient information so that in future someone else would be able to find the document.

If you only put text in the ‘comments (optional)’ box, the word ‘completed’ does not appear in the column next to the question on the dashboard page and will prevent you from publishing the toolkit.  If you need to answer the question with ‘not applicable’, you should click on ‘Enter text describing the document’s location’ and write “Not applicable”.

Next steps and additional guidance

Now that you understand the format of the question, ff you are using the DSPT for the first time you should now:

  1. Register on the DSPT
  2. Complete your organisation’s DSPT profile
  3. Answer the questions
  4. Publish and share your DSPT

If you have previously published a DSPT assessment and are reviewing and republishing, you should now:

  1. Read our guidance on reviewing and republishing
  2. Check and answer the DSPT questions as required
  3. Publish and share your DSPT

 

Back