| answer text |
<p>The National Health Service does not operate a data localisation policy. In January
2018 the Department, NHS England, NHS Digital and NHS Improvement published guidance
for the NHS on offshoring patient data. A copy of <em>NHS and social care data: off-shoring
and the use of public cloud services </em>is attached.</p><p>NHS and social care organisations
are permitted to host patient identifiable data in countries that provide an adequate
level of protection; within the United Kingdom, the European Economic Area, countries
deemed by the European Commission to have adequate protections for the rights of data
subjects, or in the United States where covered by Privacy Shield. There are no restrictions
on where in the UK data may reside. For example, data from the NHS in England data
may be hosted in Scotland, and vice versa.</p><p>The guidance makes clear that while
there are no additional risks attached to hosting data offshore, local data controllers
should adopt a risk based approach to decision making about offshoring data. This
provides data controllers with the option of keeping data onshore when they feel it
necessary to do so.</p><p> </p>
|
|
