The NHS Digital Data Security and Protection Toolkit has now replaced the Information Governance Toolkit. It allows organisations to demonstrate their compliance against the GDPR and the National Data Guardian Data Security Standards through completing a series of requirement statements. It will need to be completed by all organisations that process health and social care data starting from this year and will be used by the Care Quality Commission to monitor compliance in this area.

Organisations will need to demonstrate positive practices in a number of areas including having:

• Clear Information Governance policies, procedures and guidance for staff
• Privacy notices which tell individuals how their data is being used and their rights in relation to this
• A record of how your organisation is processing personal data
• Appropriate technical, physical and pseudonymisation controls to protect personal data
• Clear records management and retention practices
• Structured HR processes to ensure staff at all levels and in different roles are aware of their responsibilities for protecting personal data
• Clear processes for managing data breaches
• Documented Business Continuity processes
• Regular vulnerability testing, spot checks and audits of confidentiality and security practices

Evolve North can support you in completing this toolkit for the first time, reviewing how existing evidence from your IG Toolkit may support these new requirements, or in developing new evidence that may be needed in all of the areas detailed above. Evolve North’s mix of governance and data security expertise and extensive experience of working with health and social care organisations makes us ideally placed to support your needs in this area.