Please rotate the screen to Landscape view for best viewing experience.

Speak to an Expert: 01409 254 354


data security and protection toolkit - replaces the information governance toolkit

The Data Security and Protection Toolkit – new for GDPR

The Information Governance Toolkit was replaced by the Data Security and Protection Toolkit to more closely reflect the GDPR and Data Protection Act 2018 requirements during April 2018.

Its purpose is:

  • Provide time to implement the data security standards by reducing burden and duplication in the toolkit
  • KPIs that leaders can recognise and utilise to change culture
  • Making the first step more straightforward for smaller organisations
  • Listening to our stakeholders and piloting the new toolkit
  • Keeping the toolkit flexible and updated more regularly
  • Develop suitable guidance

Some of the new requirements for smaller organisations:

  • Leaders receive suitable data security and protection training
  • Organisations undertake process reviews to identify and improve processes which have caused breaches or near misses
  • NHS Organisations must act on CareCERT alerts and notifications
  • Organisations must complete a specific business continuity test for data security
  • Organisations must survey their software for unsupported systems
  • Organisations must ensure all networking components have had their default passwords changed

CODE contacted NHS Digital Care Cert, to find out more. Here is there response:

“Dentists providing NHS treatment are welcome to register to receive our communications. If they would like to do this then they can ideally email us providing their Organisation Data Service (ODS) code, previously known as the NACS code.

Dental practices are unlikely to be connected to the NHS Transition Network, which means they will not be able to access our Information Sharing Portal. However, they will still be able to receive our weekly bulletin with a summary of the published threats.”

You can request sign-up by emailing

Find out more about the CareCert service, including response times and customer charter on the NHS Digital website:

Care Quality Commission

  • CQC well-led inspections will include data security, but not fully agreed how this will work
  • Use information from DSPT and other intelligence from other sources
  • Data security includes more than cyber
  • CODE understands that the CQC will not be inspecting on data security immediately

Incident reporting
Until incident reporting becomes live in the DSPT, you should continue to report and data breach in the old IG toolkit.

CODE guidance
CODE is updating the guidance to the online toolkit document called the IG Improvement Plan (M 217A) to help you complete the new Data Security and Protection Toolkit, plus we will provide any additional policies. It will be released to members in July.

To find out more about iCompy and a special newsletter offer click here or email or call 01409 254 354. You can also arrange a free online demonstration.

Terms of use: information in this article is written in general terms and is believed to be based on the relevant legislation, regulations and good practice guidance. This information is indicative only and is intended as a guide for you to review and take particular professional advice to suit your circumstances. CODE is a trading name of the Confederation of Dental Employers Ltd and it licenses information to Codeplan Ltd. CODE and Codeplan do not accept any liability for any loss or claim that may arise from reliance on information provided. The use of this information indicates acceptance of these terms. ©CODE 2018.