- Does The National Archieves Store and process UK/EU citizen data in the US?
- If so, approximately how much UK/EU citizen data is stored in the US?
- If so, which service provider is storing and processing that data?
- If so, was the Safe Harbour Agreement Safe used to determine the “adequacy” of transferring the data to the US, under the Eighth Principle of the Data Protection Act?
- If Safe Harbour was not used as an adequacy mechanism, what was the mechanism used to ensure compliance with the Data Protection Act?
- The National Archives does store and process some UK/EU citizen data in the United States. The data that is handled in this way is produced from online sales in The National Archives’ shop. When purchases are made online, customers are required to supply a certain amount of information for billing and delivery purposes. When data is processed by Nitrosell, the company who facilitate online purchasing, customer information is only visible to an administrator and not to other employees.
- Since we commenced using Nitrosell, in mid-2013, we have processed approximately 7,883 orders from the UK and 561 orders from the EU, from customers, not necessarily citizens of the UK and EU. Please note that these figure will include a large number of duplicates from individuals who have made multiples orders as ‘guests’ (customers who have not registered n account).
- Nitrosell, who provide e-commerce software solutions for The National Archives’ online shop.
- Before processing personal data in the US, the Safe Harbour agreement was used by The National Archives to determine adequacy under Principle 8 of the Data Protection Act 1998, inline with UK government and EU policy. The Government Offshoring guidance can be found at: https://ogsirooffshoring.zendesk.com/hc/en-us/articles/203107991-HMG-s-Offshoring-Policy
- In accordance with government policy, the National Archives has not sent personal data for processing in the US outside of the Safe Harbour agreement.