Your Practice needs to complete and publish its Data Security Protection Toolkit (DSPT) self-assessment by 30 June 2025.

The DSPT online self-assessment tool allows Practice to measure their performance against the National Data Guardian’s 10 Data Security Standards.

Health and care organisations that have access to NHS patient data and systems should complete and publish a DSPT self-assessment every year against the standard to provide assurance that they are practising good data security, and they are handling personal information correctly, including maintaining the security of patient information.

Publishing an annual DSPT self-assessment will also help your organisation demonstrate its UK GDPR and cyber maturity, and its NHS contractual obligations.

Practice that have completed the DSPT before, will find much of the information will be on your toolkit assessment. You need to check and update your previous entries and republish before the deadline.

What to do now

Please log in your DSPT account and complete your assessment for 2024-25. You should review and confirm responses carried forward from your 2023-24 submission as well as working on any new/changed evidence items.

Remember to complete and publish your self-assessment by 30 June 2025.

Resources

Here are some resources to help you complete your assessment:

• Join one of our webinar training events
• Read our Overview and Introductory Guidance
• Refer to the Big Picture Guides
• View a webinar recording

If you have any questions or require help with your assessment, then please the Data Security Protection Toolkit (DSPT) team using the contact us page.