Data Retention Management Policy
Publication date: July 2024
1. Purpose and Scope
1.1 The purpose of this policy is to define the principles relating to the management of electronic and physical information held by the Royal College of Radiologists (RCR).
1.2 This policy sets out the high-level framework for managing the RCR’s information and personal and sensitive data. This framework will ensure that records are managed effectively in accordance with legal requirements and any historical or operational needs of the RCR.
1.3 This policy applies to all records created during the course of the RCR’s business activities regardless of media, format, and storage applications.
2. Key principles
2.1 All staff members and RCR representatives are expected to adhere to this policy to ensure that the RCR’s management and use of information is efficient and reliable, and that the RCR can demonstrate compliance with the relevant legal requirements.
2.2 The RCR is committed to maintaining the authenticity, reliability, and usability of its information by ensuring that all staff and RCR representatives are aware of their responsibilities in relation to managing, handling, and disposing of information and developing and supporting systems that enable information to be held securely where necessary.
2.3 The RCR will not retain information any longer than is necessary to fulfil its charitable and corporate objectives.
2.4 The UK GDPR storage limitation principle will be the defining principle for the retention of personal data. Article 5(1)(e) states that personal data shall be:
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)
3. Retention principles
3.1 All information assets, regardless of media, are subject to the RCR’s retention schedule, in accordance with the relevant legislation.
3.2 The purpose of the schedule is to prevent both the premature destruction and unnecessary retention of records that need to be held for a specified period to satisfy legal, financial and business requirements.
3.3 Documents, records and emails which contain information that is necessary for RCR to retain for business or legal purposes must be identified, classified and stored in RCR’s information systems. Emails which contain information pertaining to decisions made or actions taken should not be stored in Outlook but saved as a permanent record and identified as such.
3.4 We assign clearly defined retention periods to our information to ensure it is kept for the appropriate length of time. Each retention period has three elements:
1. Trigger – the action which begins the retention period (e.g. ‘End of Financial Year’ or ‘End of Employment’)
2. Retention period – the length of time the information will be kept
3. Action – either ‘review’ or ‘destroy’.
- If the action is ‘review’, the information must be reviewed to ensure it is no longer required before destruction. Outcomes of a review may be: dispose, mark for permanent preservation, or temporary extension to review again at a future date.
- If the action is ‘destroy’, this means the information can be destroyed without being reviewed.
3.5 When reviewing each record any personal data should be identified. If a record contains personal data, there should be consideration of whether there is a business process that requires the RCR to hold this information. If there is no justifiable reason to hold the personal data, the record should be anonymised or destroyed accordingly.
3.6 Once records no longer have any value to the organisation for legal or evidential reasons, records are disposed of either through secure disposal, or if of continuing organisational importance, they will be selected for permanent preservation.
4. Retention periods
4.1 Retention periods are driven by legislation and/or business need. If there is no legally defined retention period for corporate information it is the responsibility of the relevant Information Asset Owner(s) to determine an appropriate retention period.
4.2 All personally identifiable information will be securely and appropriately stored, with access limited and, in accordance with GDPR principles, retained for only as long as is necessary for the purposes for which it was collected.
4.3 The following retention periods serve as the baseline to be adhered to, with a detailed retention schedule for each RCR business unit set out in the appendix to this policy:
4.3.1 100 years – Records that need to be retained for historical reasons and to preserve the RCR’s corporate memory should be retained indefinitely, with a one-hundred-year review period. This would apply to Trustee Board Minutes and papers and other Boards and Committees which are defined in the RCR’s Regulations (e.g. Faculty Leadership Teams Minutes, Council Minutes, Faculty Board Minutes). It should also include documents of historical interest. Items that fall within this latter category should be limited to those of truly historical value.
4.3.2 50 years – records on members’ examination outcomes, training and CPD.
4.3.3 7 years (6 years +1) – This would apply to financial information that we need to keep from the end of the last company financial year it relates to, or longer if it shows a transaction that covers more than one of the organisation's accounting periods. Seven years is the minimum time for defending tax audits and any financial irregularities.
4.3.4 6 years – Records that need to be retained for reference such as working documents, minutes and paperwork relating to committees and boards (other than Committees identified above), completed projects and work streams, publications, projects, and minutes of meetings that do not hold historical interest. Information held by HR on employees and former employees.
4.3.5 1 year – Records that need to be retained for reference such as general RCR enquiries.
4.3.6 6 months – Records containing sensitive data that need to be retained for reference or legal reasons, such as unsuccessful job applications (HR, committee posts).
4.3.7 90 days – records from members and prospective members confirming their identity and/or professional status.
4.3.8 Business need (exceptional) – records may be retained on an exceptional basis for future business needs if the needs are documented and reviewed on a regular basis. Contracts, for example, should be retained for at least the life of the contract and then reviewed on an annual basis.
4.4 Once the retention period specified has lapsed, the records should be reviewed and destroyed, or anonymised, unless, on an exceptional basis determined by the responsible Information Asset Owner, it is required for some future business process. If this is the case, the record would be retained until review at some date specified at the review.
5. Retention and disposal schedule
5.1 Our Retention and Disposal Schedule sets out our retention periods. Information must be kept for the length of time defined in the Schedule unless there is a legal requirement to destroy it sooner.
5.2 The Schedule is reviewed every two years, or more frequently if appropriate.
6. Weeding
6.1 Not all information we create has long-term value. Our Retention and Disposal Schedule does not include redundant, obsolete or trivial (ROT) information. This should be destroyed periodically as part of routine housekeeping. Information should be weeded for two reasons:
• To ensure that we are not wasting money or space (either digital or physical) by storing ROT information.
• To make the process of reviewing records easier. Sifting through low-value records makes this process more time-consuming.
6.2 Examples of information which are usually of limited value include draft documents (which lose value and can become obsolete once a final version has been published), duplicates, research material and email correspondence. However, in some circumstances where an email chain provides evidence of a decision being made or action taken it should be preserved as a business record and saved to shared spaces.
6.3 Weeding should be done on a regular basis to ensure that clutter does not build up over time. It is up to each team to decide a reasonable schedule for housekeeping, based on their resources and the amount of information they generate. IAOs should encourage weeding on a regular basis.
6.4 Weeding should cover all information stored, paper or digital, regardless of the system it is held on. This includes personal drives as well as shared areas.
7. Review
7.1 When information has reached the end of its retention period it may need to be reviewed to ensure that it is no longer required. Information that has an action of ‘destroy’ can be disposed of securely without a review. Where possible, automated retention rules should be built into corporate systems.
7.2 Where a review is required, the IAO should consider the relevant information and decide whether it can be destroyed. Information should only be retained beyond its retention period in limited circumstances; for example, if it is necessary to fulfil statutory or regulatory requirements or if it is subject to an information request or required to evidence events in case of a legal dispute.
7.3 In cases where the review concludes that the information needs to be retained for longer, the extension period should be no longer than two years and then reviewed again by the IAO.
8. Destruction
8.1 When records are no longer required by the RCR and do not have archival value they should be securely destroyed.
8.2 If the action on the retention schedule is ‘review’, destruction of records should not proceed without approval from the relevant IAO. A record containing what has been destroyed, when it was destroyed and the individual who authorised the destruction should be created.
8.3 If the action on the retention schedule is ‘destroy’, a Record of Destruction does not need to be created.
8.4 Records should be destroyed with the level of security required by the confidentiality of their contents. Paper records should be placed into confidential waste and documents stored on electronic systems should be deleted, including back-ups. Deletions should be carried out by someone with appropriate access to the system from which they are being deleted. Digital documents should be deleted and not overwritten.
8.5 When information is destroyed, all copies of the information should be destroyed at the same time (both digital and physical). Information cannot be considered to have been completely destroyed unless all copies have been destroyed as well.
8.6 If information is required to be retained for historical records it must be clearly labelled as such to avoid accidental deletion.
9. Linked Policies and Documents
• Data Protection Policy
• Retention and Disposal Schedule (In development)
10. Definition and Terms
Term | Definition |
---|---|
Retention Trigger | Is based on retention periods requiring the maintaining of records for a specified period after a defined event occurs. |
Retained For | Records should be retained for a specified period based on one of the RCR retention categories as defined above unless a business need can be demonstrated. |
Reason | Records and information should only be retained when there is a business, legal or historical need to do so. |
Action | Records and information are either retrieved for review or to be destroyed. |
Retention Schedule | Sets out the RCR’s policy with regards to retaining records. The schedule also sets out the disposal action and the justification for retaining records (such as legal or statutory requirement). |
Retention Source | Records and information are retained in either a paper-based or an electronic format. |
Information Asset | An Information Asset is a set of records, data or information maintained in relation to a business process. This could be a set of paper case files or an electronic business system. |
Information Asset Owner (IAO) | Creator or department to which the document has been assigned. |
Record | A record is information created, received, and maintained as evidence of an activity or decision made by an organisation or a person. Records are independent of media, and can encompass electronic and ‘hard copy’, tangible documents, and can potentially include formats such as data sets, web pages and other online material, emails, and audio-visual material. |
Business need | Information required for the completion of a business process or membership service. |
Historical interest | Information deemed important to retaining the history of the RCR as a charitable organisation. |
Legal requirement | Relates to records needing to be held for a specified period to satisfy legislation. Particularly related to financial information held by the RCR. |
Documents | Includes records in any format including but not limited to: Microsoft (or other providers) Word, PDF, Excel, PowerPoint, Notepad and email. |
Special category data | Certain types of personal data which are considered to be particularly sensitive. |
11. Compliance
11.1 Any individual that is suspected of or found to not be complying with the policy requirements will be managed under the RCR's Disciplinary Procedure.
See the Royal College of Radiologists’ policies and privacy notices.