About usGet involvedHelp & supportContact us
Join Us
MyRCR Login
Our specialties
Clinical radiology
Discover clinical radiologyWhat is the future of radiology?Thinking about a career in radiology?
Starting your radiology careerGMC registrationPortfolio Pathway registration
Developing your radiology careerJobs boardSpotlight on series - practical tips to support your careerBreast clinicians
Radiology Boards & Committees
Clinical oncology
Discover clinical oncologyWhat is the future of clinical oncology?Thinking about a career in clinical oncology?Choose oncology
Starting your oncology careerGMC registrationPortfolio Pathway registration
Developing your oncology careerJobs boardSpotlight on series - practical tips to support your career
Oncology Boards & Committees
Membership
How to become a memberEvidence to support your membership applicationUK trainee enrolment
Membership categories & feesFellowship without examinationDiscounts on membershipMembers in training
Admission of FellowsFellows ceremony FAQsCeremony venue information
Member benefitsMember magazine
Membership FAQs
In tribute
Exams & training
RCR exams
Clinical radiology examsDDMFR Part ADDMFR Part BFRCR Part 1 (Radiology) - CR1FRCR Part 2A (Radiology) - CR2AFRCR Part 2B (Radiology) - CR2BJoint Final Exams (Radiology)
Clinical oncology examsFRCR Part 1 (Oncology) - CO1FRCR Part 2A (Oncology) - CO2AFRCR Part 2B (Oncology) - CO2BJoint Final Exams (Oncology)
Exam help & resources
Exam regulations & policies
Specialty training
Enrolling with the College
Risr/advance
Training guidance for clinical radiologyClinical radiology return to training toolkit
Training guidance for clinical oncologyOut of Programme Activities (OOPE, OOPR and OOPT)Clinical oncology return to training toolkit
Regional Specialty Advisers
Quality assurance
Completing training (CCT)
Clinical radiology curriculumInterventional radiology curriculumImplementation toolsAssessmentRadiology e-learning
Clinical oncology curriculumAssessmentOncology e-learning
Supported Return to Training (SuppoRTT) Supported Return to Training (SuppoRTT) FAQs
Medical Training Initiative (MTI)
Application process
Eligibility criteria
Guidance for UK supervisors
Guidance for potential MTI applicants
In-post guidance
Undergraduate clinical radiology
Undergraduate curriculum
The Undergraduate Radiology Societies Association (URSA)
Undergraduate clinical oncology
Undergraduate curriculum
Undergraduate Oncology Day
BONUS Society
CPD & events
All RCR eventsExternal eventsEvent guidancePartner with the RCR
CPD advice & supportCPD FAQs
Radiology Events and Learning (REAL)
RCR LearnCPD JournalRCR Learn FAQsContribute to RCR Learning
Revalidation
Career development
Audit & Quality ImprovementAuditLive (radiology)Audit Library (oncology)
Understanding career stagesSchool studentsMedical studentsFoundation & core medical trainees
Trainee HubClinical radiology trainee resourcesClinical oncology trainee resources
Being a consultantWorking as a radiologist in the UKHuman factors
Professional networks
Our mentoring schemes
Medical careers & recruitmentSpecialty recruitmentClinical radiology ST3 recruitment and specialty training schemeGlobal recruitmentPreparing for interviews
Research & academiaAcademic radiology & researchAcademic oncology & research
Awards & honours
Our services
All our publicationsClinical radiology publicationsClinical oncology publicationsNational radiotherapy consent formsSpotlight on series - practical tips to support your careerRCR consensus statementsRCR guidance consultationsJournalsPolicy reports
iReferGet involved with iRefer
Management & service deliveryQuality Standard for Imaging (QSI)Service reviewUsing & understanding cancer dataStructured Reporting For Cancer StagingDeveloping a business case for recruitment of CO traineesClinical Imaging Board
Advisory Appointment Committee (AAC)
Artificial intelligence (AI)Overcoming Barriers to AI Implementation in Imaging
News
All our latest updatesNewsBlogsPress releasesExam updates
Media centre
Policy and influencingPolicy reports & initiativesClinical radiology census reportsClinical oncology census reportsState of the waitRepresenting your voice in UK parliaments

Member benefits

View

Data protection policy and procedures

Publication date: July 2024
LEARN MORE

1. Our commitment to the Legal Principles

1.1 In order to conduct its business, The Royal College of Radiologists (RCR) processes personal data about living individuals. These are current and prospective individuals who come in to contact with the RCR and with whom it communicates and conducts business.

1.2 The RCR commits to comply with the UK General Data Protection Regulation (GDPR), and the Data Protection Act 2018 (DPA 2018), and any other applicable data protection and privacy laws. The RCR commitment applies to all the processing of personal data carried out by RCR including processing carried out by joint controllers, contractors and processors. 

1.3 The RCR will abide by the key principles of the GDPR, as set out in Article 5 of the GDPR:

  • Principle (1) – lawfulness, fairness and transparency 
  • Principle (2) – purpose limitation
  • Principle (3) – data minimisation 
  • Principle (4) – accuracy 
  • Principle (5) – storage limitation 
  • Principle (6) – integrity and confidentiality 
  • Principle (7) – accountability 

2. Information covered by Data Protection Legislation

2.1 The UK GDPR definition of "personal data" includes any information relating to an identified or identifiable natural living person. This can be known as PII (personally identifiable information) 
or PID (personally identifiable data). Pseudonymised personal data is covered by the legislation, however, anonymised data is not regulated by the UK GDPR or DPA 2018, providing the anonymisation has not been done in a reversible way.

2.2 Some personal data is more sensitive and is afforded more protection, this may be referred to as ‘special category data’. It is information related to:

  • Race or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric ID data
  • Health data
  • Sexual life and/or sexual orientation; and
  • Criminal data (convictions and offences)

3. Our commitment to your rights relating to your data

3.1 The purpose of the data protection principles is to keep people safe and respect their rights. You have a right to:

  • understand what data RCR holds about you and how it is being used
  • see that information and get your own copy of it to use however you want
  • correct the information if it is wrong
  • ask for it to be deleted or limit how it is used
  • complain if you do not like the things RCR is doing with your data

4. Our commitment to ensure that lawful processing is carried out

4.1 The trustees of the RCR as a charity registered with the Charity Commission have ultimate responsibility for ensuring compliance with the General Data Protection Regulation for the RCR. The Trustee Board has delegated this responsibility day to day to the RCR Chief 
Executive.

4.2 The RCR is committed to transparent, lawful, and fair proportionate processing of personal data. This includes all personal data we process about our Fellows, members, staff or those who work or interact with us. To meet our obligations, we put in place appropriate and effective measures to make sure we comply with data protection law:

  • Privacy notices – which are published on our website and reviewed regularly
  • Training for staff and volunteers
  • Breaches – we have a reporting mechanism that is communicated to all staff
  • We assess if we need to report breaches to the Information Commissioner’s Office and take appropriate action to make data subjects aware if necessary
  • Policies and Procedures – including for Subject Access Requests
  • Appropriate IT security controls
  • Data Protection Officer – an individual primarily responsible for advising on and assessing RCR compliance with the DPA and UK GDPR and making recommendations to improve compliance. The RCR DPO is the Head of Governance, and they can be contacted at [email protected]

5. Our commitment to minimise data collection

5.1 RCR will minimise our data collection to what is adequate, relevant, and limited to what is necessary.

6. Our commitment to ensuring staff are trained and up to date

6.1 Our staff have access to a number of policies, operational procedures and guidance to give them appropriate direction on the application of the data protection legislation.

6.2 RCR requires all staff to undertake mandatory training on information governance and security which is refreshed annually. In addition, all staff are required to attend a more detailed data protection training module as part of their induction.

7. Linked Policies

7.1 Policies and review timetable

This document and all the related policies and procedures will be reviewed when there is a change or every two years, whichever is sooner. 

7.2 Related policies and procedures:

  • Data Breach procedure
  • Data Breach Management procedure
  • Subject Access Request procedure
  • Data classification 
  • Data retention management policy
  • Training plan for staff and volunteers
  • Data security policies:
    • IT security policy
    • Asset management policy
    • Access control policy
    • Password policy
    • Acceptable use of IT policy
    • Bring Your Own Device policy
    • Remote working
    • Acceptable use of guest Wi-Fi
    • Social media policy
    • CCTV policy
    • ChatGPT/AI policy
    • Clear desk and screen policy
    • Data transfer policy

See the Royal College of Radiologists’ policies and privacy notices.

Policies