There continues to be well publicised data breaches and service disruptions, including high-profile public sector data losses that have resulted in over one million pounds in monetary penalties being issued to NHS organisations by the Information Commissioner.

As of 2018 the IG toolkit was refreshed and replaced with the new Data Security and Protection Toolkit (DSPT). Whilst the standards have been updated it remains a tool which allows organisations to measure their compliance against law and central guidance and helps identify areas of partial or non-compliance.  In addition, there is a contractual obligation for providers to complete the DSPT and they are subject to audit against it and must:

• Inform the coordinating commissioner of the results of the audit; and,
• Publish the audit report both within the NHS Data Security and Protection Toolkit and on their website.