New mandatory data security toolkit

  • Date: 16 May 2018

A new Data Security and Protection Toolkit has been launched by NHS Digital. All organisations in England with access to NHS patient data and systems must complete it to help keep patient information safe.

The new toolkit replaces the previous Information Governance Toolkit and is an online self-assessment tool that enables health and social care organisations to measure and publish their performance against the National Data Guardian’s ten data security standards and key elements of the General Data Protection Regulation (GDPR).

All organisations with access to NHS patient data and systems – including NHS Trusts, primary care and social care providers and commercial third parties – are required to complete the toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

Organisations which provide health services or connect to national systems will be required to complete the toolkit annually. NHS Digital says the toolkit will also support existing best practice, such as ISO27001 and Cyber Essentials Plus. This means that organisations that already hold accreditation are not expected to complete all elements of the toolkit.

Over the course of the next year, the toolkit will also be used to support the Care Quality Commission’s Well Led inspections.

Link: Data Security and Protection Toolkit

This page was correct at the time of publication. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.
