We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
This NHS and social care data: off-shoring and the use of public cloud services has been written jointly by NHS Digital, NHS England, the Department of Health and Social Care and NHS Improvement.
The following documents have been created by NHS Digital to provide more detailed guidance:
- NHS and Social care providers may use cloud computing services for NHS data. Data must only be hosted within the UK - European Economic Area (EEA), a country deemed adequate by the European Commission, or in the US where covered by Privacy Shield.
- Senior Information Risk Owners (SIROs) locally should be satisfied about appropriate security arrangements (using National cyber security essentials as a guide) in conjunction with Data Protection Officers and Caldicott Guardians.
- Help and advice from the Information Commissioner's Office is available and regularly updated.
- Changes to data protection legislation, including the General Data Protection Regulation (GDPR) from 25 May 2018, puts strict restrictions on the transfer of personal data, particularly when this transfer is outside the European Union. The ICO also regularly updates its GDPR Guidance.
- NHS Digital has provided some detailed guidance documents to support health and social care organisations.