Data Protection – DSPT

Page updated September 2021


Most extended primary eyecare services (EPECs) in England, such as MECS and CUES, are based on the ‘NHS standard contract’, and contractors who participate in EPECs, including subcontractors to Primary Eyecare Companies (PECs), must complete the full optical Data Security and Protection Toolkit (DSPT) checklist in QiO. The AOP has advised us that practices which only hold a GOS contract are not required to complete the DSPT.


From 1 July 2021, all optometry contractors applying for an NHS mail account must also complete the full optical DSPT checklist. Contractors have a full 12 months in which to complete the toolkit, with the 2021/22 cycle running from 1 July 2021 to 30 June 2022. For more information, and sources of support, including links to webinars, see this September 2021 update from LOCSU.


Work carried out in 2020 by LOCSU with NHSEI has generated improvements to the optical DSPT, to help with checklist completion before the deadline. The improvements include:

  • Advice on training resources
  • Clearer guidance on completing specific questions within the checklists
  • New templates and resources
  • Reduced duplication

LOCSU have worked with NHS Digital to integrate DSPT checklists into QiO, thereby removing the need for practices to navigate the NHS Digital website.


Where else can I get help when completing the DSPT?

Help is available in a number of ways from NHS Digital.

Primary Eyecare Services has produced a tutorial video on completing the DSPT.


For further information and guidance go to the QiO website or contact LOCSU via


Follow us on social media