Data Security and Protection Toolkit

Data Security and Protection Toolkit

Providers of NHS services within England, including community pharmacy contractors, are required to give information governance assurances to the NHS each year via an online self-assessment – the Data Security and Protection Toolkit (previously called the ‘IG toolkit’).

Click on a heading below for more information

2020/21 Data Security and Protection Toolkit

PSNC is currently discussing the contents of the pharmacy Toolkit and related pharmacy guidance for the 2020/21 assessment with NHS Digital.

The deadline for completion of the 2020/21 toolkit is 30th June 2021.

2019/20 Data Security and Protection Toolkit

The final deadline for completing the mandatory questions was re-scheduled from March 31st 2020 to September 30th 2020.

COVID-19 update: It has been agreed that no action will be taken against contractors who have not completed the Data Security and Protection toolkit for 2019/20, provided they are working to complete the toolkit for 2020/21.

Read more about other contractual changes during the pandemic

PSNC recommends contractors reviewing these new briefings and proceed with will assist community pharmacy contractors completing the Toolkit (some of newer guidance highlighted gold):

Toolkit completion: Five steps to complete the Toolkit (overview)

Toolkit completion: Question-by-question guidance (mandatory questions) (PDF)

Toolkit completion: Question-by-question guidance (all questions) (spreadsheet)

2019/20 Toolkit webinar
In February 2020, PSNC and NHS Digital presented a webinar to support Toolkit completion. An on-demand version of the webinar is available via the link above.

Data opt-out system for patients and how to complete the opt-out Toolkit question

Other toolkit resources and support

Templates and resources


Toolkit FAQs

Some of the Toolkit guidance references the General Data Protection Regulation (GDPR) and the PSNC guidance, workbook and staff training.

Pharmacies can obtain support with queries regarding the Toolkit from the Exeter Helpdesk ( or 0300 3034034). The Exeter Helpdesk will be able to support pharmacies with the day-to-day administration of their account on the Toolkit, for example re-setting forgotten passwords and other technical support.

Answering technical questions and the Toolkit PMR feature

The Toolkit includes some technical questions which you may need the assistance of your PMR supplier to answer. Some PMR suppliers will provide information to support your completion of the technical questions via a guidance document or via their helpdesk.

Alternatively, some PMR suppliers have chosen to utilise the Toolkit PMR feature. This feature involves your PMR supplier setting up an email address (e.g. that they share with customers and this is then entered by the contractor within the ‘Admin’>’User List’ section of the Toolkit (the email address can be added as a ‘Member’). This then allows information supplied by your PMR supplier to be bulk-inserted for the mandatory technical questions within the Toolkit.

The bulk upload of information is likely to be at a pre-set time which your PMR supplier will advise you of. Once the information has been uploaded, you will be able to add or amend the answers entered by your PMR supplier if necessary. Your supplier, as a ‘Member’ within the Toolkit, will technically be able to see your answers to all the questions.

Head office batch submission feature for multiple pharmacy groups

The Toolkit contains functionality to allow pharmacy contractors with three or more pharmacies to complete a bulk submission of assessments on behalf of its branches. If this functionality is of interest to a contractor, they should first read:

Toolkit completion: Using the Data Security and Protection Toolkit’s HQ batch submission feature – step-by-step guide

Checking pharmacies linked to HQ code using ODS portal factsheet

These documents explain how to request the feature is set-up for you.

When you log in to the Toolkit as an HQ organisation (with HQ ODS code), you will be able to complete your assessment, review your list of branches and publish your Toolkit assessment for your branches. Your HQ’s branch list has been populated from data held by the ODS team.  If your list is not accurate, please raise a support call with the Exeter Helpdesk.


Related resources

If you have queries about this webpage, please contact


Return to the Pharmacy IT hub, Data security hub, or IT a-z index


Latest Contract & IT news

View more Contract & IT news >