Data residency
Data residency is the requirement that personal or commercial data is stored and processed within a specific legal jurisdiction (UK, EU, or another named region) and not transferred outside it.
Data residency is a procurement and compliance term meaning the customer requires data to be stored and processed within a specified jurisdiction, typically because of regulatory pressure (UK GDPR, EU GDPR, financial-services regulation, sector-specific mandates) or board-level risk policy.
For a virtual data room used in a UK fundraise or M&A transaction, "UK-only data residency" means the cipher-text sits in a UK data centre (or an EU data centre operated by an EU-jurisdiction entity), and is never replicated to a US data centre. Most enterprise VDRs default to multi-region; only some modern VDRs ship UK or EU residency as the default.
Post-Schrems II (CJEU C-311/18), transfers to the United States require Standard Contractual Clauses plus a documented Transfer Impact Assessment. Many UK SMEs fail this test inadvertently by storing data on a US-default provider.
See also: UK GDPR, Virtual Data Room.