NHS Toolkit audit and support


Ensure Compliance with our NHS Toolkit Audit (DSPT) Support

Are you required by the Department of Health and Social Care to complete the NHS Data Security and Protection Toolkit (DSPT)? Do you need help with your DSPT submission? Perhaps you are looking for an organisation to audit your work before you post your submission.

At DPAS we offer tailored consultancy support that is specifically designed to meet the unique needs of your organisation. Our consultants will work closely with you to assess your current data protection practices and identify any gaps or areas that require improvement before your submission. We’ll guide you through each requirement of the DSPT, helping you develop robust policies and procedures to ensure compliance. We’ll help you understand the toolkit’s requirements in simple terms, provide practical guidance, and assist you in implementing the necessary measures to meet the standards. 

If you’ve already completed the DSPT ready for submission, we can audit the work you’ve done to ensure the submission will meet the standards. By using a specialist consultancy, like DPAS, you can ensure that your DPO and IG teams can continue with business as usual.


On top of an already demanding workload, we had a new system integration, a merger to form a new Trust, and the impact of Covid to deal with. DPAS really helped to take the pressure off by helping with complex SARs, and DPIAs. Having no idea how many SARs you may receive, having the ability to flex by using additional resources can be quite useful. Knowing I can rely on Charlotte’s support with DPIAs and data sharing agreements, really takes the pressure off. It is really helpful, having someone that can take the time out to review requests.

Rhiannon Platt

Royal Devon University Healthcare NHS Foundation Trust


Our experienced data protection consultants possess in-depth knowledge of data security and data protection regulations. That, coupled with experience dealing with submissions on behalf of NHS Trusts, means you are in good hands, giving you confidence in completing the DSPT and allowing you the time to focus on other business activities.

You can adjust the level of support you receive based on your organisation’s needs, which can be especially valuable during times of growth or change. We can provide support with minimal disruption to your organisation.

Completing the NHS toolkit can be time-consuming, especially if you’re unfamiliar with the process. Our consultancy service streamlines the completion process, saving you valuable time and resources. We’ll handle the complexities, allowing you to focus on your core operations. 

Data protection regulations are constantly changing and evolving. When you outsource an audit and/or support for the DSPT, you can rely on the expertise of your service provider to stay up to date on the latest regulations and ensure that your organisation is compliant, and you therefore have a comprehensive understanding of the associated risks.

Your organisation can tailor the support based on where there are gaps in compliance within the DSPT. Outsourcing this support reduces the need to develop the resources, capacity, and capability needed to improve compliance, which can result in significant cost savings for your organisation.

Using an external provider to provide tailored support and an audit (if required) of the DSPT allows you to focus on your core business activities, whilst having the peace of mind that compliance is being managed by the experts. This can improve overall efficiency and productivity within your organisation. 

You will gain access to a team of experts who have specialised knowledge and experience in data protection and in particular the DSPT. This can help ensure that your organisation is complying with all relevant data protection regulations and best practices regarding the mandatory requirements for the DSPT.

Using DPAS ensures a fresh pair of eyes on your organisation’s processes and an independent assessment to ensure you are compliant with the DSPT’s requirements. You are also assured that the audit and/or support will not be subject to internal conflicting decision-making.

What's Included?

The scope of the DSPT includes the following requirements that we can provide support for:

    • Creation and/or review of your policy suite to ensure you have the relevant data protection and information security policies and procedures in place, notably an acceptable use policy and procedures.
    • Review of your data breach reporting and monitoring to minimise the risk of recurrence.
    • Creation and/or review of data breach/incident log and supporting documents if gaps are identified.
    • Creation and/or review of Records of Processing Activities (ROPA), Risk Register and Information Asset Register (IAR).
    • Review your Individual Rights compliance including Subject Access Requests (SARs) and support compliance where required if gaps are identified.
    • Review your NHS National Opt-Out compliance.
    • Review and/or complete an annual training needs analysis.
    • Review and/or develop role-based training for staff who need a greater understanding of data protection and information security e.g., IT Administrators.
    • Review training and awareness compliance (at least 95% of staff, directors, trustees, and volunteers must complete data protection and cyber security training annually).
    • Review and/or complete a ‘Supplier Assessment’ including a review of all contracts, creating a supplier list with contact details, etc.
    • Review and assist (if required) with a list of all staff (and volunteers if applicable), and their current roles to ensure it meets the requirements.
    • Review and/or develop cyber security/data security protocols and procedures including access control management procedures and password management protocols and procedures.
    • Review and/or develop your business continuity and disaster recovery plan including a procedure for testing the data and cyber security aspects of its business continuity plan.
    • Support through Cyber Essentials Certification.

The report created during the audit and support can be used within your board meetings to demonstrate your commitment to the importance of data protection and individuals’ rights as well as demonstrate compliance with the DSPT.

Monthly updates on ICO guidance. Bi-weekly data protection bulletins.

Access via our online portal to a full suite of free templates, tools, policies, and more.

Meet Our Team of DPOs & Consultants

Nigel Gooding

Chief Data Protection Officer

Natalie Bennett

Head of Data Protection Consultancy

Charlotte Bolt

Senior Data Protection Consultant

Kunbi Adekunbi

Data Protection Consultant

Lauren Durham-Hutchins

Data Privacy Officer

Gary O'Reilly

Legal Counsel Consultant

We work with: FTSE 100s, Multi-National Organisations, Schools, Universities, Councils, Local Governments, Agencies, NHS Trusts, GP Practices, Retailers, Charities, Multi-Academy Trusts, Housing Associations, Ambulance Services, Insurance Companies, Sporting Associations, Airports, Retail Companies, Hospitality Businesses




Easy to understand data privacy and information security services that are always accessible, consistently pragmatic and continually exceeding expectations.

Keeping on top of the changing DSPT criteria can be a challenge in itself. By outsourcing to an expert consultancy like DPAS, you can feel confident that you have the resources and expertise to ensure your submission is of a high standard. Having a consultant on hand, whether it is for auditing or completion of the DSPT, will allow you to be confident that you have effectively evidenced the DSPT standards.

At DPAS we pride ourselves on our pragmatic approach, allowing you to be in control of how much support you require, and how that is scheduled. This allows you to work with as little disruption as possible, and makes working with a consultant as smooth as possible.

Choosing an expert data protection consultant means you can feel confident in your DSPT submission, freeing up time for your team to continue with business as usual, without the stress of the looming submission deadline. DPAS has worked tirelessly to ensure that we constantly exceed our clients’ expectations.

DPAS understands the budget constraints within the NHS. We therefore provide bespoke and flexible options to ensure that you can feel supported whilst remaining within budget.

We have a wealth of experience delivering data protection and information security projects and training, to public, private, and third sectors. We understand that each organisation faces its own challenges, and always provide tailored solutions to meet your specific requirements.