The Data Protection Act 2018 [1] and the (UK) General Data Protection Regulations (GDPR) [2] prohibits the transfer of personal data outside the United Kingdom, unless appropriate safeguards are in place. Some countries have been deemed by the UK government to have adequate safeguards, and there are no additional requirements for transferring personal data. There are also requirements to document the lead data protection supervisory authority if an organisation operates in an EU member state. This is unlikely to be relevant to UK dental practices, most of which operate only within the UK, but there may be implications if your IT provider send or stores your data outside of the UK or if you use dental laboratories or suppliers in non UK countries.
Confirm that the providers of your IT services do not send or store your data outside the UK.
Contact your indemnity provider for advice if you share personally identifiable information with dental laboratories or suppliers in non UK countries.