The GDPR and the Data Protection Act 2018 (both referred to in this document as the Data Protection legislation) give individuals (data subjects) certain rights regarding information held about them (personal data). The Data Protection legislation also place obligations on those who process personal data (data controllers).
The definition of ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Anyone processing personal data must also comply with the data protection principles set out in the data protection legislation.
For further information please visit the following website: https://resolution.nhs.uk/how-we-use-your-data/subject-access-requests/
Subject Access Request (SAR) form: Subject Access Request Form