Answer DSPT questions

In order to reach Standards Met on the Data Security and Protection Toolkit, care providers need to answer 42 mandatory questions covering:

We have provided the following to help you complete each section:

  • short videos on answering questions about those topics
  • ‘tool tips’ including what the questions mean, what you need to have in place, and what evidence you need to gather
  • template policies and forms that you can download and adapt
  • useful links, including training materials and background information.

You can use this information to complete your DSPT for the first time OR to review, update and republish. Remember, you must complete the DSPT at least once a year in order to keep it up to date. The deadline is 30 June.

Question groupings and numbers

We have grouped the questions by topic – not strictly by the order in which they appear within the actual toolkit. We hope you find this useful as it will help you to focus on a particular topic and consider all your answers on that topic at the same time.

DSPT levels and mandatory questions

All care providers should aim to reach Standards Met on the DSPT. But if you’re completing it for the first time and you can’t quite answer all 42 questions for Standards Met, you can answer the 26 questions which are mandatory for Approaching Standards and publish an action plan highlighting how you will reach Standards Met the next time you complete the DSPT.

This guide focuses on the 42 questions that are mandatory for Standards Met. It does NOT include advice on answering the additional non-mandatory questions. Please see the NHS Big Picture Guides for more information about these questions.

PDF editions

You can download content as a PDF, or print each page. Select ‘Download or Print’ at the bottom of each page.

Staffing and Roles

Staff responsibilities - Staff training

Staffing and Roles

Policies and Procedures

Data protection policies & privacy notices - Documenting information - Suppliers - Retention and disposal

Policies and procedures: DSPT questions

Data security

Physical security - Data breaches - Business continuity planning

Data security: DSPT questions

IT systems and devices

Mobile devices - Passwords, back-ups and access - Systems and software

IT systems and devices: DSPT questions