Statement for regarding data usage/storage for patients and students


NCA gathers, stores and processes data in accordance with the EU General Data Protection Regulations (GDPR). For the purposes of research:


Patients in our clinics

Clinical audit data is pseudonymised, and is stored securely for up to one year in order to ensure data integrity as it is processed. The look-up tables that connect pseudonymised data with patient details are destroyed after 7 years (or for nutrition when a child reaches the age of 25 or 26 if attendance in clinic ends when they are 17), along with the patient’s health and personal information.

Some data is held electronically, and some is held in paper form. All data is stored securely.

We may also use some health information for classroom and clinic teaching purposes. In this usage, data is entirely anonymised.


Students engaging in research projects

Students engaging in research projects (typically for their MSc dissertation) are also subject to GDPR requirements, as set out in the Dissertation Handbook. These requirements cover stages such as recruitment, data collection, data storage, manipulation, analysis and writing-up of findings. The requirements have the status of an enforceable agreement between the student and the College, and disciplinary procedures exist for students found to be infringing GDPR requirements during their research project.

The College’s Research Ethics Committee scrutinises all research projects for adherence to the GDPR provisions, and will not give approval for any project that does not comply.