Framework documentation
The Accord
The Accord is a common set of principles and standards which support the sharing of personal information to deliver services to the people of Wales. Signing the Accord demonstrates a commitment to apply those principles. This has helped develop a consistent approach and improve confidence that information is shared lawfully, safely and effectively.
The Wales Accord on the Sharing of Personal Information (WASPI) is the recognised framework in Wales for public, private, and voluntary sector organisations to share data effectively. By signing the Accord, your organisation demonstrates a commitment to ensuring that personal information is protected while delivering vital services and coordinated care to the public.
Whether your organisation is a local authority, a health board, or a voluntary agency, participating with the Accord framework helps build trust with partners and the public and ensures compliance with data protection standards in data sharing.
Our registration process is straightforward for new partners to join. You can now sign the Accord and become a participating organisation in just a few moments using our dedicated online form.
Access the WASPI Sign-Up Form Here
If your organisation requires any advice or assistance while completing the form, please do not hesitate to contact us.
Formal adoption of the Accord is the responsibility of an organisation’s Chief Executive or Chief Officer. You will also be asked to nominate a Designated Person – usually your Data Protection Officer or equivalent – who has delegated responsibility for ensuring WASPI is implemented in your organisation. For small organisations the Chief Executive or Chief Officer may also be the Designated Person.
Standard Templates
The principles and standards set out in the Accord are put into practice through the development and implementation of data sharing agreements.
Currently, there are four types of templates under the WASPI framework:
Information Sharing Protocols (ISPs) - these support, regular and reciprocal sharing of personal information between data controllers for a specified purpose.
Data Disclosure Agreements (DDAs) - these support one-way disclosures of information from a data controller to one or more data controllers.
Joint Controller Agreements (JCAs) – These are agreements between multiple data controllers that are jointly determining the means and purpose of personal data processing, and is intended to comply with the requirements of Article 26 of the UK GDPR.
Data Processing Agreements (DPAs) – These support developing a contract between controllers and processors that will handle their data, and is intended to comply with the requirements of Article 28 of the UK GDPR.