Offshoring Data of NHS (National Health Service) England


Involved In Discussions

I have heard that the offshore storage of sensitive data from NHS England is prohibited.

Does anyone have any specific references for this?



Trusted Information Resource
I'd take a look here:

It doesn't appear to be specifically prohibited, but it must comply with the Data protection act (soon to be replaced by the General data protection regulation)


Involved In Discussions
I would ask where the instruction that data must not be off-shored has come from, it may be a mis-interpretation of the requirement or someone who is mitigating the potential risk for a data breach by not allowing off-shoring the data.

Looking at the site mentioned by pkost, the NHS site references the Data Protection Act and the DPA principle 8 states

"Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data."

There are circumstances where data can be off-shored, i.e. the EU-US bi-lateral agreement known as the privacy shield, but generally you have to be careful to ensure that no data goes outside of these parameters.

The key thing would be to check data storage and transfer to make sure that it is bound contractually to being compliant with EU Directives and DPA and there is no clauses about the supplier moving the data.

Just one final thought, as with anything like this, I would recommend obtaining legal advice and use specialist contractors for data storage or processing.

Hope this helps.

Thread starter Similar threads Forum Replies Date
A API to download customer data from their portal? IT (Information Technology) Service Management 0
Q Data trends Capability, Accuracy and Stability - Processes, Machines, etc. 11
R Data Analysis Software classified as MDSW IVD? EU Medical Device Regulations 3
G Trend analysis according to Article 88, MDR (EU), type of data point. EU Medical Device Regulations 1
Ed Panek Patient consent over data post processing in USA US Food and Drug Administration (FDA) 0
A CE Mark - How do you keep data and test reports? CE Marking (Conformité Européene) / CB Scheme 2
Z Shelf life automatically set to 6 months when no device performance shelf life data provide Medical Device and FDA Regulations and Standards News 5
E-QCDA Extracting data from Word Doc table to Excel Quality Tools, Improvement and Analysis 6
A Sample size selection for process validation - continuous data Reliability Analysis - Predictions, Testing and Standards 9
T CMM Max/Min data and Capability Capability, Accuracy and Stability - Processes, Machines, etc. 3
G Record test data into Word document Document Control Systems, Procedures, Forms and Templates 3
Stoic Warning letter examples for medical device companies related to the pharma guidance on data integrity? US Medical Device Regulations 5
C Primary data record ISO 17025 related Discussions 6
H Is it a requirement for run charts to have inspection data or can it have just a pass/fail check mark Records and Data - Quality, Legal and Other Evidence 4
I Brazil clinical data/trial requirement Other Medical Device Regulations World-Wide 1
A Part 145 Maintenance Data Review EASA and JAA Aviation Standards and Requirements 1
E Electronic Data Management ISO 17025 related Discussions 1
D ISO 14001 Finding - Missing Safety Data Sheets ISO 14001:2015 Specific Discussions 2
P Comparing Two Test Variables Using Attribute Data Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
K Before-After Data Analysis Statistical Analysis Tools, Techniques and SPC 1
D Gage type and data base maintainence Using GAGEpack Software 2
Dazzur Sharing Suppliers Performance Data with Supplier. Supplier Quality Assurance and other Supplier Issues 6
M Conducting a clinical investigation with clinical data from India EU Medical Device Regulations 3
T Data types vs Mathematical operations Six Sigma 4
T Gage R&R study - Ordinal data Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 6
optomist1 Data Bias - Surveys Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 0
V Levels of actions and consequence to data integrity US Food and Drug Administration (FDA) 10
M ADME data- substances based MD EU Medical Device Regulations 0
B Can a software that receive data from a MD be classified as Class I?or is not a MD? EU Medical Device Regulations 5
T Process Potential estimation for binary data Capability, Accuracy and Stability - Processes, Machines, etc. 3
RoxaneB Data Storytelling Misc. Quality Assurance and Business Systems Related Topics 4
MaHoDie Summative Evaluation with Post-Market Data? Human Factors and Ergonomics in Engineering 2
J EU Data Act Medical Information Technology, Medical Software and Health Informatics 0
P Transferring medical data from a device (Sec 201(h)): regulatory implications US Medical Device Regulations 3
Z Change color or shape of individual data point in control chart Using Minitab Software 6
R FDA ECG Data Requirements Medical Information Technology, Medical Software and Health Informatics 3
T SQL Server 2019 - Master Data Services - Validation needed? ISO 13485:2016 - Medical Device Quality Management Systems 4
C Elaborating a control chart with skewed data Manufacturing and Related Processes 4
D Data normality versus capability Capability, Accuracy and Stability - Processes, Machines, etc. 11
I In-Process Inspection Raw Data ISO 13485:2016 - Medical Device Quality Management Systems 3
T Class III device and shelf life data requirements US Medical Device Regulations 7
S Discussion on OBL and OEM test data for submission as per new EUMDR EU Medical Device Regulations 4
C How to place software version for SaMD product in HIBC secondary data structure (UDI-PI)? Other US Medical Device Regulations 4
PQ Systems Better Data Visualization & Communication with Statistical Indices Using SQCpack Software 0
PQ Systems Data Entry Workflows with SQCpack Using SQCpack Software 2
PQ Systems Data Security in the Quality Industry Using GAGEpack Software 0
B Establishing a Data Analysis Procedure ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Fjalar ISO 20417:2021: Technical Data (6.6.4 c) Other Medical Device Related Standards 0
Z PMS Data collection for SAMD SaaS from clients EU Medical Device Regulations 3
S How to upload data in bulk on EUDAMED? EU Medical Device Regulations 20

Similar threads

Top Bottom