The GDPR gives a series of rights to people which relate to their personal data. There are specific rules depending upon how data is gathered. The following table describes the ways in which you can exercise your rights over your personal data. The table has been prepared on the basis of the ‘legitimate interests’ of the Health Board.

| GDPR Citizen Rights | Applies | Notes |
| --- | --- | --- |
| The right to access data | Yes | You have the right to see your personal data |
| The right to erasure | Yes | You have a right to request your data is erased. Each request will be considered individually using the ICO guidance at "Right to erasure" (ICO) |
| The right to correct inaccuracies | Yes | You may request amendments to incorrect information. Each request will be considered individually using the ICO guidance at "Right to rectification" (ICO) |
| The right to restrict processing | Yes | You have a right to request information is not processed even when it cannot be erased. Each request will be considered individually using the ICO guidance at "Right to restrict processing" (ICO) |
| The right to object to processing | Yes | We do not use any automated decision-making processes. For other objections, each request will be considered individually using the ICO guidance at "Right to object" (ICO) |
| The right to data portability | No | This right does not apply because you do not provide the data that we are processing. This is in line with ICO guidance at "Right to data portability" (ICO). However, where exercising rights to access data, we can provide data to you in an electronic format |

Additional rights include:
• The right to be informed about the regulator to whom complaints can be made (see below);
• The right to be informed about any transfers of data overseas: no data gathered from you will leave the United Kingdom;
• The right to be informed of how long data will be kept: your data will be kept in line with your staff records.