Back to Legal & Trust Centre

Data Roles

Draft data-protection roles, and what may still be personal data.

Status
Draft
Version
v0.1 (draft)
Stage
Prepared for solicitor review - not in force
Last updated
15 June 2026

This page describes ANCHOR's draft assumptions about data-protection roles. These assumptions are not final and are subject to solicitor review.

Metadata-only does not mean no personal data

ANCHOR is metadata-only by default, but metadata-only does not mean no personal data is involved.

Information that may still be personal data

Depending on context, the following may still be personal data:

  • staff identifiers
  • reviewer attribution
  • learning records
  • audit events
  • public intake submissions
  • governance metadata

Draft controller and processor assumptions

Intended controller and processor assumptions are draft and subject to solicitor review. Nothing on this page is a final determination of data-protection roles, and it is not legal advice.

Clinic responsibilities

Clinic responsibilities remain in place, including for lawful basis, providing a privacy notice to data subjects, managing staff access, and ensuring that only appropriate data is submitted to ANCHOR.

Important notice

ANCHOR helps clinics evidence responsible AI governance practices. It does not make a clinic compliant with any law or professional standard, and it does not replace veterinary judgement. These pages are prepared for transparency and solicitor review and are not legal advice.