Does completing the DSPT mean that we are compliant with the Data Protection Act 2018 and UK-GDPR?

The Approaching Standards level on the DSPT asks care providers to show evidence that they meet all of the minimum legislative requirements of the DPA and UK-GDPR (and some cyber security best practice). Standards Met is the level that all care providers should be aiming for as it demonstrates that they also meet the health and social care data security standards.

The DSPT is a self-assessment. It offers assurance but it does not, and was never designed to, guarantee that organisations always comply with the DPA and GDPR. To meet the legislative requirements, organisations have ongoing obligations, which cannot be captured in the snapshot of the annual DSPT.
