General Data Protection Regulation (GDPR) and the RCR

As a College, the RCR collects a range of data about you as an individual, from your mailing preferences to the level of medical training you have completed.

On 25 May 2018 the laws governing how we manage data changed. These laws formed the General Data Protection Regulation (GDPR) and replaced the Data Protection Act 1998.

How do we keep your data secure?

The RCR processes all data in adherence with the Data Protection Act 1998. This legislation sets out requirements for how we, as the data controller, process personal data. Personal data is defined as any data which identifies or is likely to identify a living individual, including facts and opinions. We collect personal data so that we can maintain your membership, examinations and training records as well as provide you with information about events, services and other RCR activities.

We may share information with other third parties where there is a statutory requirement or legal obligation to do so, or share information with appropriate third parties to improve clinical practice or medical training.

What’s changed?

On 25 May 2018 the General Data Protection Regulation (GDPR) replaced the current Data Protection Act 1998. Data protection legislation has become more rigorous, so the College has been working to ensure our policies and guidance meet the requirements of the new rules. This includes reviewing our processes and procedures around key areas such as subject access requests and security breaches and bringing policies up to date. 

How will this affect you?

You can be confident that the College will protect any personal data we may collect about you. You may notice some changes in our online application forms, to our privacy policies and the terms and conditions that we use to process your data. Please take some time to read these through thoroughly, as it is very important that you are fully informed about how your data is processed and maintained by the College.

The new regulation means there will be greater transparency around using personal data. In accordance with the new regulations, we may on occasions need to get your explicit consent to use your data, for example to pass the information on to a new third party. If this is the case, we will contact you directly, and you will need to opt-in to have that information sent. Information will not be passed on without your specific permission.

If you would like a copy of your personal data that the College holds (also known as a Subject Access Request), you should send a request in writing to our Data Protection Officer. This information is supplied free of charge.

Further information 

To find out more about the GDPR changes taking place, please see the ICO website. If you have any questions about the RCR’s data protection policy, please contact the Data Protection Officer.