https://www.slab.org.uk/advice-agencies/scottish-national-standards-for-information-and-advice-partners/client-consent/
Organisations wishing to have their agency casework peer reviewed must submit a selection of client case-files to us for this purpose. Peer review under the SNSIAP is carried out remotely, which means the peer reviewers can access your case-files from where they are and do not need to come to your office.
The peer reviewers are given access to client case-files either via an electronic file-sharing process facilitated by us or (with the advice agency’s permission) by direct access to their case management system.
To collect, process, store or share personal information for the purpose of applying for SNSIAP accreditation, you must comply with the requirements of the General Data Protection Regulations 2016 (GDPR).
Most (but not all) agencies will be required to obtain consent from clients that their case-files can be shared with third parties for the purposes of quality assurance. Some agencies may be able to rely on a different legal basis under GDPR for sharing their client case-files and further information about this is available on the ICO website.
Please see our guidance note for further information on collecting client consent, if you are not sure your client consent meets the necessary format or you have not yet started to obtain client consent.
Further information on how data protection is managed during the peer review process is available on our website.