...

Briefly, as the privacy policy mentions, we are registered with the UK's ICO and comply with the DPA GDPR for EEA patients. All our UK customer data are hosted in a UK NHS N3 data centre and we do not transfer the data outside the EEA. Note that you, the patient, may still copy your data or give consent for the viewing of the data by a third party outside of the EEA, e.g. a US physician. But that would be under your consent and control.

Regarding the security of the data, we host UK data in a secure NHS N3 data centre, to ISO 27001 standard. We also encrypt each patient's record with a unique public key, and only the patient – and the people the patient chooses – have the key with which to decrypt the record. No third parties (including PKB) have access to that decryption key so none of them can access a patient's data without that patient's permission. Access to your data is only authorised by you, the data controller or local laws.

I do hope the information provided is helpful and please do let me know if you have any further queries.

...