NHS Digital – Data Security and Protection Toolkit | Services

NHS Digital – Data Security and Protection Toolkit

If you supply goods and services to the NHS that process patient data, you will be required to complete NHS Digital’s annual Data Security and Protection Toolkit.


Depending on which category of organisation you fit, you will be required to provide answers to ten data security standards, set out by the National Data Security Guardian.

If you are uncertain where to start, or simply do not have the capacity to review and upload your evidence to mandatory questions, the team at Databasix UK can support you.

How we can help you:

We will review, draft or format your key control documents as required for the NHS Toolkit. This is done in close consultation with the relevant members of your team so that the documents accurately reflect your organisation in context.

Policies and key controls

  • Create or review your Register of Processing Activities.
  • Write or review your suite of data security and protection policies and procedures including the following:
    • A data protection policy for all staff, including practical guidance on how to handle, store, keep accurate and transfer data.
    • Retention schedule / policy
    • Data Disposal policy
    • Ensure all policies include ways of working relevant to hybrid working / remote working

Management tasks and reporting controls

  • Ensure your submission is uploaded before 30th June 2023.
  • Register your organisation with the Information Commissioner’s Office.
  • Support creating appropriate governance structures to ensure data protection remains high on the organisational agenda.
  • Manage the data breach process, including template forms to complete as part of any investigation.
  • Handle the subject access request process, and consider other relevant individual rights.
  • Data processing checklist to support procurement decision.
  • Draft a business continuity plan, including a risk assessment.

People and training

  • Process to establish Data Protection training programmes / records.
  • Conduct a training needs analysis to identify the level of compliance.
  • Staff exit checklist, to ensure all personal data and equipment belonging to the company is returned.
  • Update job descriptions to ensure that relevant data protection responsibilities are listed.
  • Introduction to UK GDPR e-Learning Course
  • Data Protection Compliance Team training
  • Data Protection Briefing for Senior Management
  • Upload responses to Toolkit questions, along with the required evidence for you to approve.

Contact Databasix

Email info@dbxuk.com
Tel 01865 346080

Get Data Protection Services t/a Databasix
is a registered company in England & Wales.
Registration No. 15292208

Unit B Oakwood
Oakfield Industrial Estate
OX29 4TH

Supported by Business Resilience secured by OxLEP Business