1. Introduction
1.1 The Royal College of Obstetricians and Gynaecologists (RCOG) is dedicated to the encouragement of the study and the advancement of the science and practice of obstetrics and gynaecology. It was incorporated by Royal Charter in 1947 and is a registered charity (No. 13280) . The College is governed by an elected Council. It
- improves and maintains proper standards in the practice of obstetrics and gynaecology for the benefit of the public;
- educates medical practitioners in all aspects of obstetrics and gynaecology;
- promotes study and research into obstetrics and gynaecology and publishes the results;
- conducts examinations for doctors wishing to specialise;
- maintains a register of its Fellows and Members and those undertaking its continuing professional development programme;
- reviews the suitability of training programmes for membership, specialist registration and subspecialties;
- advises the government and other public bodies on matters of healthcare relating to the specialty;
- provides statements and publishes reports on issues of public importance relevant to obstetrics and gynaecology;
- organises scientific meetings, congresses and courses in the UK and overseas;
- maintains a library and historical collection of records;
- produces evidence based guidelines for appropriate practice and procedures;
- publishes patient information.
1.2 This data protection policy was approved by Heads of Department on 8 March 2006.
1.3 The College reserves the right to modify this policy at any stage. It will be reviewed when necessary.
2. Guiding values
2.1 In order to conduct its normal business, the RCOG collects and uses certain types of personal information about living individuals. These include current, past and prospective Fellows, Members and Diplomates, trainees, staff, suppliers, clients, customers, and others with whom it has business, or with whom it communicates.
2.2 The College considers the lawful and correct treatment of such personal information as essential to the efficient and successful conduct of its business. It also recognises that it is crucial to fostering and maintaining the confidence of its main stakeholders and the wider public in the College and its operations.
2.3 The College is committed to ensuring that it treats personal information lawfully and correctly, and recognises that there are safeguards to ensure this in the Data Protection Act 1998.
3. The Data Protection Principles
The College fully endorses and adheres to the Principles of Data Protection, as enumerated in the Act. These are that:
3.1 personal information shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;
3.2 personal information shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
3.3 personal information shall be adequate, relevant and not excessive in relation to the purpose(s) for which it is processed;
3.4 personal information shall not be kept for longer than is necessary for those purpose(s);
3.5 personal information shall be accurate and, where necessary, kept up-to-date;
3.6 personal information shall be processed in accordance with the rights of data subjects;
3.7 appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;
3.8 personal information shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Organisational and management controls
The RCOG will put in place appropriate management and organisational controls in order to:
4.1 observe fully conditions regarding the fair collection and use of personal information;
4.2 meet its legal obligations to specify the purposes for which such information is used;
4.3 collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs, or to comply with any legal requirements;
4.4 ensure the quality of personal information used;
4.5 apply strict checks to determine the length of time personal information is held;
4.6 ensure that the rights of people about whom information is held can be fully exercised, including
4.6.1 the right to be informed that processing is being undertaken:
4.6.2 the right of access to one's personal information;
4.6.3 the right to prevent processing in certain circumstances;
4.6.4 the right to correct rectify, block or erase information which is regarded as wrong information;
4.7 take appropriate technical and other security measures to safeguard personal information;
4.8 ensure that personal information is not transferred abroad without suitable safeguards;
4.9 carry out regular assessments of compliance with the Data Protection Act 1998.
5. Staff supervision, awareness and training
The College will also:
5.1 appoint someone with specific responsibility for data protection (currently the nominated person is the College Archivist);
5.2 ensure that everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice;
5.3 describe clearly methods of handling personal information;
5.4 arrange for appropriate training for everyone managing and handling personal information;
5.5 supervise appropriately everyone managing and handling personal information;
5.6 ensure that staff deal with queries about personal information promptly and courteously;
5.7 conduct a regular review and audit of the way personal information is managed;
5.8 assess and evaluate regularly methods of handling personal information.
Last updated 25/07/2006