Working together to handle personal data safely, respectfully and lawfully
About this policy
This Data Protection Policy is the Royal College of Obstetricians and Gynaecologists’ (RCOG or the College) policy regarding the safekeeping of all the personal data processed to deliver the College’s business.
In order to conduct its normal business, the College collects and uses certain types of personal information about living individuals. These include current, past and prospective trainees, members, employees, College representatives, suppliers, clients, customers, and others with whom it has business, or with whom it communicates. We will be open and transparent with all our data subjects.
The College considers the lawful and correct treatment of such personal information as essential to the efficient and successful conduct of its business. It also recognises that it is crucial to fostering and maintaining the confidence of its main stakeholders and the wider public in the College and its operations.
Purpose
The purpose of the RCOG Data Protection Policy is to:
- Comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act (DPA) 2018, the common law of confidentiality and all other relevant national legislation
- Support the 10 Data Security Standards
- Meet our data protection standards
- Protect the rights of our employees, officers, trainees, members, College representatives, suppliers, clients, customers and public users
- Protect the College from the risks of a data protection breach and related reputational, financial and legal damage
This policy covers:
- Our data protection principles and commitment to common law and legislative compliance
- Procedures for data protection by design and by default.
It is underpinned by the following specific policies and procedures:
- Agile Working Guidance (internal only)
- NHS Data Security and Protection Toolkit – Category 3
- Contract Signing Policy (internal only)
- Data Security and Protection Incident Handling Policy and Procedures
- IT Security Policy (internal only)
- Privacy Policy
- Records Management Policy and Procedures, including our Data Quality standards.
Scope
This policy applies to:
- All Employees (permanent, temporary, contracted and voluntary), officers, Board of Trustee/Committee members, trainees, members, College representatives and suppliers who handle and use our information (where we’re the 'Controller' for the personal data being processed), whether we hold it on our systems (manual and automated) or if others hold it on their systems for us
- All Personal data processing we carry out for others (where we’re the 'Processor' for the personal data being processed)
- All formats of personal data, e.g. printed and digital information, text and images, documents and records, data and audio recordings
Documents
For more information about how the College uses the personal information it collects, please read the RCOG Privacy Policy.