We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Data Security and Protection Toolkit: GDPR information
Summary
Why and how we process your data in the Data Security and Protection Toolkit (DSPT) and your rights.
| Controller | NHS Digital |
| How we use the information (processing activities) | The DSPT requires account details that contain an individual’s name, email address and telephone number for administration purposes. This includes providing audit data for all DSPT transactions and supporting NHS Digital services having a dependency on the DSPT. |
| Does this contain sensitive (special category) data such as health information? | No |
| Who are recipients of this data? |
None |
| Is data transferred outside the UK? | Within Europe |
| How long the data is kept | 3 years minimum from no longer required |
| Our lawful basis for holding this data | Legal obligation |
| Your rights |
|
| How can you withdraw your consent? |
Consent not the basis for processing |
| Is the data subject to decisions made solely by computers? (automated decision making) | No |
| Where does this data come from? | Data subject |
| The legal basis for collecting this data | Legal obligation (Direction) |
Where we use this data
Data Security and Protection Toolkit
The Data Security and Protection Toolkit is an online self-assessment tool that all organisations must use if they have access to NHS patient data and systems.