Data Security & Protection (DSPT)

CQC now expect a compliant DSPT assessment in line with their well-led quality statements regarding Governance, Management and Sustainability, and are now asking for it during inspections. If you have never published it or if you have not republished your assessment in the last 12 months, contact or call 01707 708018 for free support to complete it.

As part of the Better Security, Better Care programme, HCPA has been funded by NHSX to provide FREE support to Care Providers in Hertfordshire and Essex with completion of their DSPT.

The DSPT is an annual online assessment of your Data Protection & Cyber Security practices. As a care provider you need to ensure that you manage personal data securely within GDPR.

This assessment will take you through the necessary aspects of data compliance, mitigate the risk of disruption and financial and reputational repercussions from data breaches and cyber attacks and ensure best practice.

Once you have published the toolkit, you provide confidence to your service users and their families that you have met the required standard and are continuing to review and improve your data management and they can trust you to handle and process their personal data securely and appropriately.

Completion is a requirement to take advantage of key NHS systems and data initiatives, which save time and streamline processes.

  • NHSmail
  • Online Medication Ordering
  • Digital Social Care Records (DSCR)/Digital Transformation Fund
  • SystemOne
  • Hospital discharge information

It is also a requirement for delivering NHS contracts and for some local authorities.

What can the DSPT Team do for you?

  • Ensure you are compliant with Data Security law
  • Support completion of your Data Security & Protection Toolkit (DSPT)
  • Offer individual sessions to work through Toolkit questions
  • Share policy templates & guidance
  • Ensure you have mapped where you hold data
  • Ensure you are sharing Data legally
  • Help you meet Data management requirements for NHSmail and Online Ordering (Proxy Access)

Want to contact us for assistance or book a 1:1 session?


Call: 01707 708018

Alternatively, you can book onto any of our workshops

  • DSPT awareness
  • DSPT Introduction
  • DSPT questions walk-through
  • Section specific workshops covering:
    • Staffing and Roles
    • Policies and Procedures
    • Data Security
    • IT Systems and Devices

Book a workshop


You can access pre-recorded videos that you can view in your own time via the following links:

Digital Social Care guidance videos – including how to register, what you need to know about data security, policies and procedures, data protection and cyber security training for staff, protecting IT systems and devices from cyber attacks

How to publish to Approaching Standards
How to publish to Standards Met

How to get started

Single Site?
If you are completing as a single site, you will need your Organisation Data Service code (ODS code) and an email address to register.

Multi site?
If you are part of a large organisation the DSPT can be completed at Head Office/Parent level, but only if all processes and procedures are the same across all sites AND all sites are linked to the same Head Office/Parent code. Register using the Head Office/Parent code. Once complete the status will filter to all linked sites.

If this is the case, register using the HO code, once complete the status will filter to all linked sites.

Where processes & procedures differ, each site will need to register individually.

Register at

Don’t know your ODS/HO code? Search here

Problems with logging in?

DSPT (Exeter) Helpdesk (for account queries):

Telephone: 0300 303 4034


Want to contact us for assistance or book a 1:1 session?

Telephone: 01707 708018