Disclaimer
MRCP(UK) is not responsible for the accuracy of information on any other website detailing information regarding MRCP(UK) examinations. Please note that www.mrcpuk.org is the only authorised source of information.
The information on this website should be used as guidance for taking the MRCP(UK) Examination and Specialty Certificate Examination. It endeavours to be accurate on the day of viewing and is reviewed regularly but inevitably there will be changes to the arrangements for exam delivery. Any such changes will be set out in the News section.
For detailed information on the rules and regulations governing the MRCP(UK) and Specialty Certificate Examinations candidates are asked to consult the MRCP(UK) Regulations and Information for Candidates and Specialty Certificate Examination Regulations and Information for Candidates respectively. Any queries regarding the interpretation of the MRCP(UK) Regulations should be referred to the MRCP(UK) Central Office.
Data protection and privacy
View our fair processing of data below.
Fair processing notice
Under the General Data Protection Regulation (GDPR), the Federation of Royal Colleges of Physicians of the United Kingdom (the Federation) must provide comprehensive information on how records and information about living people are being collected, used and disposed of. This processing statement explains what data MRCP(UK) hold about you, why we hold it, how we protect it and how you can access your rights.
What we do with your data
The Federation of Royal Colleges of Physicians of the United Kingdom (the Federation) collects and holds data in accordance with the General Data Protection Regulation 2018. The data is used for any reasonable activity undertaken by the Federation in delivering examinations and services associated with the MRCP (UK), SCE and European partner examinations. Data will also be used for monitoring, research, statistical analysis, verification of qualifications and prevention of fraudulent activity.
Why we need to collect and use your data
The Federation must collect data in order to deliver examination services as outlined above. In delivering these services, the Federation will also access data from the Royal Colleges of Physicians of London, Edinburgh and Glasgow. For further information about how these organisations collect and process data please see their College privacy statements or contact them directly. The Federation is a joint Data Controller with the Colleges for all data collected directly. The three Royal Colleges are Data Controllers for any data collected by them individually and shared with the Federation; in these instances the Federation is a Data Processor.
Who we share your data with outside the Federation
Any data collected will be exchanged between the departments of the Federation, examination partner organisations and delivery partners, and approved external partners (including the GMC, relevant regional and national training bodies) for the above purposes. Data will also be shared with approved partners for purposes of providing career information and CPD opportunities.
How we protect your data outside the territories covered by the GDPR
In some cases, data will be shared with partner organisations outside of the EU; where this occurs there are data sharing contracts in place confirming that data will be processed to GDPR standards and in accordance with the purposes described above.
How long we keep your data and why
We are legally required to keep examination candidate data that is needed to verify qualifications permanently. This data includes candidate names, GMC numbers, identifiers (such as date of birth), examination attempts and results. All other candidate data is deleted after 10 years, unless it is needed to monitor and prevent fraudulent activity (in exceptional circumstances).
We are required to keep personal data from Board and Committee members (including name, address, contact details) for 10 years for auditing content creation and upholding examination security. After this time the data is deleted.
We keep patient images and associated consent forms for exam question development and delivery indefinitely; unused images may be deleted if the associated question(s) is deleted, but otherwise all images will be kept for possible use in future exams and for audit where previous used. All images will be de-identified as far as possible.
For the MRCP(UK) PACES examination, examiner data is held separately by each of the three Royal Colleges of London, Edinburgh and Glasgow. There is a regulatory obligation to hold some information on examiner activity indefinitely. Please contact them directly for information on this data.
Your rights to:
- access your data and have a copy in a standard format
You have the right to access all information which identifies you as a living person, held by the Academy. You have the right to a copy of your data in a standard format, where technically possible. You also have the right to rectify factual errors in current systems and processes. The above are general rights which apply across all work areas in the Federation. If you wish to exercise these rights, contact the Data Protection Officer here Data Protection Officer here
- have data deleted
For examination candidates, all non-essential personal data will be deleted after 10 years; if you wish to request that we delete it sooner than this, please make a subject rights access request (see below). All candidate data required for examination verification purposes will be retained indefinitely to fulfil regulatory obligations.
For Board and Committee members, personal data will be deleted after 10 years – you can request that we delete data that is not necessary for auditing content creation by submitting a subject rights access request.
For patients that have consented to images being used in exam development and delivery, you cannot request that the data is deleted but you will be required to give full and explicit consent before any such image is collected. Examiners will need to contact the organising College regarding the deletion of personal data.
- restrict the use of your data and stop your data being used
For examination candidates, you can request that we stop using personal data that is not necessary for fulfilling our regulatory obligations ahead of the 10 year deletion period by submitting a subject access request and contacting the Data Protection Officer. Similarly, you can request that we stop using personal data relating to participation in Boards and Committees via a subject rights request providing it is not needed for content auditing.
For examiners, the organising College is responsible for the collection and management of personal data; you will need to contact them to request a restriction or stoppage in the use of your data. MRCP(UK) carries out some training exercises and courses for examiners. In order to provide this training, the three Royal Colleges will share an examiner’s personal data with MRCP(UK). Any data related to an examiner’s status regarding this training will be held by MRCP(UK) and shared with the three Royal Colleges for the purposes of delivering the examination.
Where we use automated decision making and how this affects you
We do not use any automated decision making processes in providing our services.
Who to contact and how to complain
If you wish to know more about how we manage privacy, or you wish to make a complaint, contact the Data Protection Officer.
If you are not satisfied with the service provided by the Federation, you have the right to complain to us by contacting the Data Protection Officer or the UK regulator, the Information Commissioner. See their website here for further information on GDPR and your rights.
If the use of your data changes, we will update this statement to reflect that. Regularly reviewing this information ensures you remain aware of what data we hold and use.