
Data security and protection incident handling policy and procedures

Working together to handle personal data safely, respectfully and lawfully

About this policy

This Data Security and Protection Incident Handling Policy is the Royal College of Obstetricians and Gynaecologists’ (RCOG or the College) policy regarding the swift and effective handling of all potential and actual data security and protection incidents, in line with the Information Commissioner’s Office (ICO) guidance and the RCOG Data Protection Policy. The Policy ensures the College is aware of what to do and who to contact when a potential or actual information security incident or data protection (DSP) breach occurs.

Purpose

The purpose of this policy is to: 

  • Assist in the accurate identification of data security and protection incidents (the incident(s)), suspected security weaknesses or near misses and security threats to services or systems
  • Advise on how to report these incidents 
  • Provide an outline of the investigation process
  • Empower you to be diligent and question procedures, protocols and events that you consider could cause damage, harm, distress, non-compliance or damage to the College’s reputation, and
  • Enforce the College’s Data Protection Policy.

Scope

The Policy applies to all employees (permanent, temporary, contracted and voluntary), officers, Board of Trustee/Committee members, trainees, members, College representatives and suppliers who handle and use our information (where we’re the 'Controller' for the personal data being processed), whether we hold it on our systems (manual and automated) or if others hold it on their systems for us.

Documents