Skip to main content

Data protection policy

This policy sets out how the College handles personal information about people in line with the Data Protection Act.

Introduction

The Royal College of Obstetricians and Gynaecologists (RCOG) is dedicated to the encouragement of the study and the advancement of the science and practice of obstetrics and gynaecology. It was incorporated by Royal Charter in 1947 and is a registered charity (No. 13280). The College is governed by a board of Trustees. It:

  • Improves and maintains proper standards in the practice of obstetrics and gynaecology for the benefit of the public
  • Educates medical practitioners in all aspects of obstetrics and gynaecology; promotes study and research into obstetrics and gynaecology and publishes the results
  • Conducts examinations for doctors wishing to specialise
  • Maintains a register of its Fellows and Members and those undertaking its continuing professional development programme
  • Reviews the suitability of training programmes for membership, specialist registration and subspecialties
  • Advises the government and other public bodies on matters of healthcare relating to the specialty
  • Provides statements and publishes reports on issues of public importance relevant to obstetrics and gynaecology
  • Organises scientific meetings, congresses and courses in the UK and overseas
  • Maintains a library and historical collection of records
  • Produces evidence-based guidelines for appropriate practice and procedures
  • Publishes patient information

This data protection policy is to be reviewed by the Information Governance Steering Group prior to approval.

The College reserves the right to modify this policy at any stage. It will be reviewed as necessary.

Guiding values

In order to conduct its normal business, the RCOG collects and uses certain types of personal information about living individuals. These include current, past and prospective Fellows, Members and Diplomates, trainees, staff, suppliers, clients, customers, and others with whom it has business, or with whom it communicates.

The College considers the lawful and correct treatment of such personal information as essential to the efficient and successful conduct of its business. It also recognises that it is crucial to fostering and maintaining the confidence of its main stakeholders and the wider public in the College and its operations.

The College is committed to ensuring that it treats personal information lawfully and correctly, and recognises that there are safeguards to ensure this in the Data Protection Act 1998.

Data protection principles

The College fully endorses and adheres to the Principles of Data Protection, as enumerated in the Act. These are that:

  • Personal information shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met
  • Personal information shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
  • Personal information shall be adequate, relevant and not excessive in relation to the purpose(s) for which it is processed
  • Personal information shall not be kept for longer than is necessary for those purpose(s)
  • Personal information shall be accurate and, where necessary, kept up-to-date
  • Personal information shall be processed in accordance with the rights of data subjects
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
  • Personal information shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

Organisational and management controls

The RCOG will put in place appropriate management and organisational controls in order to:

  • Observe fully conditions regarding the fair collection and use of personal information
  • Meet its legal obligations to specify the purposes for which such information is used
  • Collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs, or to comply with any legal requirements
  • Ensure the quality of personal information used
  • Apply strict checks to determine the length of time personal information is held
  • Ensure that the rights of people about whom information is held can be fully exercised, including
    • The right to be informed that processing is being undertaken
    • The right of access to one’s personal information
    • The right to prevent processing in certain circumstances
    • The right to correct rectify, block or erase information which is regarded as wrong information
  • Take appropriate technical and other security measures to safeguard personal information
  • Ensure that personal information is not transferred abroad without suitable safeguards
  • Carry out regular assessments of compliance with the Data Protection Act 1998

Staff supervision, awareness and training

The College will also:

  • Appoint someone with specific responsibility for data protection – the Senior Information Risk Owner (SIRO)
  • Ensure that everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice
  • Describe clearly methods of handling personal information
  • Arrange for appropriate training for everyone managing and handling personal information
  • Supervise appropriately everyone managing and handling personal information
  • Ensure that staff deal with queries about personal information promptly and courteously
  • Conduct a regular review and audit of the way personal information is managed
  • Assess and evaluate regularly methods of handling personal information

Information governance management framework

Senior roles

The Senior Information Risk Owner, Knowledge and Information Manager, IG Lead and Information Asset Owner. Together they are accountable for:

  • Ensuring effective management, accountability, compliance and assurance for all aspects of IG
  • Ensuring there is top level awareness and support for IG
  • Providing direction in formulating, establishing and promoting IG policies
  • Ensuring assessments and audits for IG policies
  • Reporting regularly to the Information Governance Steering Group ensuring the approach to IG is communicated to all staff
  • Ensuring appropriate training is made available to staff
  • Ensuring compliance with law and national guidance
  • Promoting risk assessment and mitigation of IG/IT risks, using a risk management processes and escalating to the Corporate Risk Register
  • Providing advice to staff on using, maintaining, transferring and sharing sensitive information
  • Acting as the ‘conscience’ of the organisation in relation to handling and sharing of patient identifiable information and advising on lawful and ethical processing of information

Key policies

The following policies are in place or are being prepared and regularly reviewed:

  • Information governance policy
  • Security incident reporting policy
  • Remote access policy

Key governance bodies

  • Information Governance Steering Group

Resources

Key staff (responsibilities highlighted in job descriptions):

  • Senior Information Risk Owner (SIRO)
  • Knowledge and Information Manager
  • Information Asset Owner/Information Governance Lead

Governance framework

Information Asset Owners (IAOs)/IG Leads will be identified, provided with training and support and will carry out risk assessments on the information assets, to protect against unauthorised access or disclosure, within their area to support the Knowledge and Information Manager and SIRO.

Contact us

To contact the College about any data protection issues, please email Beatrice Jamnezhad or call +44 20 7772 6380. If Beatrice is unavailable, please email Victoria Bytel.

Elsewhere on the site

Governance
The College’s governance structure, including Council, committees and senior management
A–Z of RCOG contacts
Contact details for key departments and services at the College