Type I


Webpage URL



Webpage URL



Webpage URL











Already familiar with SNSIAP? Use the quick links button below to jump straight to the section you need.


Data protection

As a processor of personal data you must comply with the Data Protection Act 1998, or other successor legislation. You can read more about how this applies to you on the Information Commissioners website at www.ico.org.uk.

Why data sharing is necessary for Peer Review

Under the right circumstances and for the right reasons, data sharing across and between organisations can play a crucial role in providing a better, more efficient or higher quality of service to customers. But sharing must be lawful and citizens’ rights under the Data Protection Act must be respected. Organisations that don’t understand what can and cannot be done legally are as likely to disadvantage their customers through excessive caution as they are by carelessness.

The Data Protection Act defines anyone who processes personal data as a Data Controller; this role comes with specific responsibilities that include ensuring any form of data sharing is lawful.

The Information Commissioner recommends putting in place Data Sharing Agreements with any third parties who you share data with or who process data on your behalf.

A Data Sharing Agreement should be agreed and signed by all relevant parties and should state why sharing is necessary and what conditions are in place to make it lawful.

A Data Sharing Agreement is considered best practice as it makes each party consider all legal implications including the eight Data Protection Principles. In addition to the Data Protection Act you should also consider any statutory prohibitions on sharing, copyright restrictions or a duty of confidence that may affect your ability to share personal data.

Other specific benefits to having a written agreement in place include:

For further information on how we will be managing data during the accreditation process please read our privacy statement (available in Word and PDF).

When your agency applies for accreditation you will be sharing data about your agency with us. You must therefore sign a data sharing agreement and send a copy to us. When your organisation applies for peer review we will discuss with you the data sharing agreements (DSA) required between your organisation, SLAB and the peer reviewer.

Sharing information with us via NextCloud

If your agency chooses to share its information and/or case files with us via NextCloud you must complete and sign the correct Data Sharing Agreements.

Peer Review

Audit and Accreditation

Sharing information via remote access to your case management

If your case management system and internal policies allow it, you can share your data by granting the peer reviewers and the Auditor remote access.

If you use AdvicePro you can provide the peer reviewer with remote access to your Case Management System. It will be your responsibility to set up an account for the peer reviewer and to isolate the case files to be reviewed. Paula Beaton at AdviceUK can support you with this process.

By choosing this method you will remain the data controller of the information provided to the peer reviewer and we will not have any responsibility for the shared information in terms of Data Sharing Legislation. You may therefore wish to enter into a Data Sharing Agreement between you and the Peer Reviewer. We have created a template Data Sharing Agreement for this purpose which agencies are free to use, however you should seek your own legal advice.

Please note that this guidance does not constitute legal advice and you are advised to seek your own independent legal advice in relation to your organisation's obligations under data protection legislation.