Data Roles
Draft data-protection roles, and what may still be personal data.
- Status
- Draft
- Version
- v0.1 (draft)
- Stage
- Prepared for solicitor review - not in force
- Last updated
- 15 June 2026
This page describes ANCHOR's draft assumptions about data-protection roles. These assumptions are not final and are subject to solicitor review.
Metadata-only does not mean no personal data
ANCHOR is metadata-only by default, but metadata-only does not mean no personal data is involved.
Information that may still be personal data
Depending on context, the following may still be personal data:
- staff identifiers
- reviewer attribution
- learning records
- audit events
- public intake submissions
- governance metadata
Draft controller and processor assumptions
Intended controller and processor assumptions are draft and subject to solicitor review. Nothing on this page is a final determination of data-protection roles, and it is not legal advice.
Clinic responsibilities
Clinic responsibilities remain in place, including for lawful basis, providing a privacy notice to data subjects, managing staff access, and ensuring that only appropriate data is submitted to ANCHOR.
Related pages
Important notice
ANCHOR helps clinics evidence responsible AI governance practices. It does not make a clinic compliant with any law or professional standard, and it does not replace veterinary judgement. These pages are prepared for transparency and solicitor review and are not legal advice.