Data Classification Policy
Publication date: July 2024
1. Purpose and Scope
1.1 This Data Classification Policy outlines the principles and guidelines for classifying, handling, and protecting data held by the RCR in compliance with the UK General Data Protection Regulation (UK GDPR), other relevant data protection laws as well as financial, contractual and charity law.
1.2 This policy applies to all data processed and stored by the RCR, or by other parties on behalf of the RCR, and to its staff members, volunteers, trustees and any other individuals who have access to its data.
1.3 This policy will be used to set user access controls on RCR data.
2. Data classification levels
2.1 To ensure compliance with the UK GDPR, RCR classifies personal data into four levels, based on the sensitivity and risk of the data. The data classification levels are:
• Public: This is data that is publicly available or can be freely disclosed without any harm or impact to the data subjects or RCR. Examples of public data are RCR’s name, address, website, logo, etc.
• Internal: This is data that is not publicly available but can be accessed and shared within the RCR by employees and volunteers and other contributors for legitimate business purposes. Examples of internal personal data are names, job titles, contact details etc.
• Confidential: This is data that is sensitive and must be protected from unauthorised access, disclosure, or loss. Confidential data may cause harm or impact to the data subjects or the RCR if compromised. Examples of confidential data are financial information, commercial information, contracts, etc.
• Highly confidential: This is information of the highest sensitivity, such as special categories of personal data (e.g., health information, religious beliefs), which requires the highest level of protection.
3. Data classification procedures
3.1 To implement the data classification policy, RCR follows these procedures:
• Identify: RCR identifies and classifies the data that it processes, according to the data classification levels. RCR uses clear and consistent labels to mark the data in both electronic and physical formats.
• Protect: RCR applies appropriate security measures to protect the data that it processes, according to the data classification levels. RCR uses encryption, access control, password protection, firewalls, antivirus, backup, etc. to safeguard the data from unauthorised or accidental access, disclosure, or loss.
• Transfer: RCR transfers data only when necessary and only to authorised recipients, according to the data classification levels. RCR ensures that the recipients have a legitimate and lawful reason to receive the data, and that they comply with the UK GDPR and the data classification policy. RCR also uses secure methods of transfer, such as encrypted email, a secure online portal, secure file transfer protocol (SFTP), SharePoint or registered mail, to prevent data breaches.
• Store: RCR stores all data, including personal data, only for as long as necessary and only in secure locations, according to the data classification levels. RCR follows its data retention policy and the data minimisation principle, keeping only the data that is relevant and required for business purposes. RCR also stores the data on secure servers or cloud storage, to prevent data loss or damage.
• Dispose: RCR disposes of personal data when it is no longer needed or when requested by the data subjects, according to the data classification levels. RCR follows the data disposal policy and the data subjects' rights, to delete or destroy the data in a secure and irreversible manner.
4. Linked Policies
• Data Protection policy
• Data retention management policy
• Data transfer policy
• Data breach management policy
• Data training policy
• IT security policies
5. Compliance
5.1 Any individual who is suspected of, or found to be, not complying with the policy requirements will be managed under the RCR's Disciplinary Procedure.
See the Royal College of Radiologists’ policies and privacy notices.