Skip to main content

Templates and guidance

WASPI templates have been agreed by the WASPI Management Board. They are pre-populated with set headings and standard text with clear indications where text needs to be added. As the aim of the templates is to promote consistency and ensure the relevant considerations have been taken into account, you should not make any alterations to the templates. Any suggested amendments to the template should be discussed with your information governance team and passed onto the WASPI team (where appropriate).

Guidance has been produced for each of the templates helping you understand how to populate the relevant template. This flow diagram has been designed to help determine which agreement  would be the appropriate template to use.


Information Sharing Protocol (ISP)

ISPs help organisations to set out, in a consistent and clear manner, the detail of personal information shared for specified purposes to deliver public services. They require the identification of a lawful basis for sharing and assume a Data Protection Impact Assessment / Privacy Impact Assessment has been carried out in advance of personal information being shared.

ISPs underpin the regular, reciprocal sharing of personal information between Data Controllers.

ISP Template – Version 5.3 
Information Reference Table – Version 5 (excel version)
Guide on the Development of an ISP - This document will provide you the considerations to undertake before developing an ISP and a step-by-step guide to completing the ISP template.

Quality Assurance Guidance for ISPs - This document describes the process of quality assuring an ISP once a final draft has been agreed.

Please ensure you consult your information governance team and refer to the guidance before developing any ISPs. 


Data Disclosure Agreement (DDA)

DDAs are intended for use when personal data is to be disclosed (i.e. passed one way) from one Data Controller to another for a specific purpose. DDAs are not intended for use in instances where the disclosure is from a Data Controller to a Data Processor and do not replace the requirement for appropriate contracts.

Data Disclosure Agreement Template
Guide on the Development of a DDA

Please ensure you consult your information governance team and refer to the guidance before developing any DDAs. 


Blake Morgan/WASPI Joint Controller and Data Processing Agreements

Following requests from stakeholders the WASPI team have been working with Blake Morgan LLP to development a new set of templates which could be adopted under the WASPI framework standards.  We believe these will help to enhance consistent Wales approaches to data protection standards.   
We have developed template Data Processing Agreement and Joint Controller Agreement documents and supporting guidance for each.  These are designed to support a range of organisations and are fully flexible as they would not be subject to any WASPI quality assurance processes.  

The templates have been developed by WASPI in partnership with Blake Morgan LLP.  Whilst other organisations may use the JCA and DPA templates, neither WASPI nor Blake Morgan shall owe any duty of care to any other entities and all liability of WASPI and Blake Morgan LLP to all other entities is hereby excluded. Organisations are advised to continue to seek their own advice on the contents and use of these templates.


Joint Controller Agreement 

Joint Controller Agreement Template  

Joint Controller Agreement Guidance

Data Processing Agreement 

Data Processing Agreement Template

Data Processing Agreement Guidance