Data Sharing Governance Framework
Published 23 May 2022
© Crown copyright 2022
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/data-sharing-governance-framework/data-sharing-governance-framework
Ministerial foreword
The National Data Strategy sets out the government’s ambitions to improve data use in government and the importance of sharing data to deliver better services and outcomes for businesses and people. To realise these ambitions we are working to address the technical challenges posed by legacy systems and embed consistent data standards. There are also non-technical barriers to sharing data in the public sector that we must collectively work together to overcome.
The non-technical barriers to efficient data sharing in government arise where public sector bodies have not set data sharing as a strategic priority. It is compounded by a lack of alignment between organisations in data sharing systems and processes and when we have different approaches to navigating the complexities of legal and ethical compliance.
Across the public sector, we have significant expertise and dedicated professionals committed to managing data sharing governance and related decision-making. This Framework is an important step forward in bringing that expertise together and working in partnership to align data sharing governance systems, processes and approaches.
The Framework is not a guide for public sector organisations on whether they should share data for specific purposes. Public sector organisations will need to continue to carefully consider data protection and ethical issues. Where government data is assessed as not personally identifying or otherwise sensitive or restricted, our default position should be to make it available for sharing. Here we set out our collective commitment for proactive, simpler and faster data sharing, with clear principles for building consistent and coordinated cross-government data sharing governance.
Mrs Heather Wheeler MP, Parliamentary Secretary, Cabinet Office
Why do we need a Data Sharing Governance Framework?
Data is essential to delivering good public services, developing and evaluating policy, and a wide range of government operations. The data needed to do this well is often held in different parts of government and needs to be shared so that it can be used. Government is committed to tackling the challenges which reduce the ability to get best use and value from its data.
In the same way that clear and common technical standards are fundamental to the way data is represented, recorded, described, stored, shared and accessed, clear and common governance standards are needed to deliver data to the right place at the right time. Working in silos, different levels of data maturity and solving problems in isolation has contributed to inconsistencies and misalignment in our data sharing governance. This Framework is an opportunity to take stock and change direction.
This Framework provides principles and actions to reduce or remove common non-technical frictions and barriers, now and over time. It highlights the relationship between technical data standards and wider data governance.
Applying the principles and actions in this Framework will set departments and public bodies on a course to greater alignment of data sharing systems and processes, and embed data sharing as a strategic priority across government.
Strategic context
The publication of this Framework supports commitments made in the National Data Strategy, particularly addressing barriers to data sharing and driving aligned data governance structures across government. The Framework also supports the Declaration on Government Reform, which commits to openness and data sharing across government.
The Department for Digital, Culture, Media and Sport (DCMS) is leading work on National Data Strategy commitments for data sharing in the wider economy and will provide separate guidance on interventions to maximise value for money and impact in that context.
This Framework is one of a growing suite of tools which enable better use, reuse and sharing of data across government including the Government Data Quality Framework and the Data Ethics Framework.
Who is the Data Sharing Governance Framework for?
You should use the Data Sharing Governance Framework if you are:
- a senior leader who is responsible for setting the strategy and direction for a government organisation or department, including those who do not have data specific job titles
- a data management specialist - a person who works in the DDaT or Knowledge and Information Management Professions in a data-related role
- a data sharing practitioner - a person who works in a role that focuses on data provision or data acquisition
- a data requester - a person who regularly or occasionally needs to access data from other parts of government, but is not as specialised as a data sharing practitioner
The Data Sharing Governance Framework applies to:
- UK government departments (not including councils)
- agencies of UK government departments
Data management is a devolved issue, thus the Northern Ireland Executive, Scottish Government and Welsh Government have their own approaches to data sharing governance. Further, local government is not required to implement these principles and actions. There are many benefits to aligning data sharing governance across all of the UK and it is important that administrations of the UK continue to share good practice and learn from each other.
Make your data sharing more efficient by following five principles
There are five principles you should follow to help your organisation make data sharing more efficient.
Each principle addresses the cause of a specific barrier or friction point in the data sharing process. Each principle is underpinned by actions which support greater cross-government alignment in your data sharing governance, helping you explore the specific role you may need to play:
- Commit to leadership and accountability for data sharing
- Make it easy to start data sharing
- Maximise the value of the data you hold
- Support responsible data sharing
- Make your data findable, accessible, interoperable and reusable
1. Commit to leadership and accountability for data sharing
Your department or organisation should make sure that using and reusing data, including accessing data from other government organisations and making your own data accessible, is a strategic priority. If you are a senior leader, particularly if you do not have ‘data’ in your job title, you can understand the strategic importance of data sharing by asking two questions:
- Do you have enough information to make good decisions and deliver good services?
- Does your organisation have data that could assist other people in government to make good decisions and deliver good services?
While ultimate accountability for any specific data sharing sits with the Permanent Secretary or relevant officer of a Department or public body, many of the data sharing leadership responsibilities are far wider. In some instances such leadership sits with an organisation’s chief data officer or information officer, the cultural and strategic need is wider than the leadership roles with ‘data’ in the title. This is especially relevant in organisations that do not have CDO/CDIO roles.
Make data sharing a strategic priority in your organisation
Your organisation should make sure that use and reuse of data, including accessing data from other government organisations and making your own data accessible, is a strategic priority.
As a senior leader, you should:
- embed data sharing as a priority in your organisational strategy
- take responsibility for delivering strategic data sharing priorities
- develop and publish a data sharing strategy, policy or plan for your organisation which sets out how it will implement this Framework
- encourage a positive culture around data sharing at all levels of your organisation
- take the ONS Data Science Campus Data Masterclass for Senior Leaders to develop your data skills and support a positive data culture
Example:
The Driver and Vehicle Licensing Agency’s data sharing strategy explains how they prioritise sharing data to support work across government as well as services for their own users.
Example:
The Department for Work and Pensions has developed an organisational data strategy which sets out the role and importance of data sharing to its aims and objectives.
Delivery of the strategy is supported by internal guidance and training. There is information to support data sharing processes and a team of specialists produces data sharing advice and guidance to develop data sharing knowledge and capability across the department.
The data sharing advice and guidance team assists colleagues who do not regularly work on data sharing, helping them to understand the process and work through the necessary approvals and documentation.
As a result, data sharing processes are consistent and standardised across the DWP. A supportive culture in the department means everyone understands why data sharing is important.
Create a culture that supports people working to solve data sharing problems
Government generates and is responsible for a large amount of valuable data, but making best use of it needs a supportive culture where people work together to solve data sharing problems. This means identifying recurring problems and understanding their root causes.
As a senior leader, you should:
- deliver continuous improvement by monitoring your organisation’s data sharing processes to identify recurring problems
- have a process in place to involve subject matter experts or senior leaders from inside or outside your organisation where there are problems reaching an agreement on a priority data sharing request
- make sure your data sharing risk assessment assesses mitigations by including specific aspects of data sharing rather than just data sensitivity, for example which organisations the data will be shared with, how it will be shared and what it will be used for
- make sure your data sharing risk assessment model is consistent with other public sector bodies, is flexible enough to adapt to changing demands and priorities, and explains the impact of not sharing data
As a data management specialist, you should:
- monitor and report on your organisation’s data sharing processes to help identify problems with it and work to resolve them
- work through professional networks or the Data Standards Authority (DSA) to develop cross-government solutions when your organisation can’t solve problems on its own
Example:
The Department for Work and Pensions is developing a data sharing governance process that responds to the complexity of individual data sharing arrangements.
Less complex or more common data sharing arrangements will be managed in standard processes, supported by a team of data sharing advisors who assist colleagues across the department. Specified senior data professionals, delegated by the department’s Chief Data Officer, will approve data sharing at this level.
More complex or higher-risk data sharing comes under the DWP’s data sharing review board. Responsibility for oversight and agreement of complex data sharing sits with the board, which is made up of senior staff with wide expertise in data security and data protection.
This approach means that the right resources and skills can be applied each time data is shared, with a pipeline for more complex arrangements which drives progress and problem solving.
2. Make it easy to start data sharing
One way that sharing your data across government can be blocked or delayed is at the very start of the process, if whoever is requesting your data cannot find an initial point of contact. Starting a data sharing conversation should not rely on already knowing the relevant people in a department, or having worked with the department previously.
Public sector bodies can make data sharing more efficient by making it easier for others to start a conversation about it, from identifying contacts to transparency on what information is needed from data requesters.
Make it easy for others to contact you about accessing your data
People who want to access your data need to know who to contact. The size and complexity of your organisation can help you decide what works best.
One efficient way to manage incoming requests is by creating a point of contact in your organisation to triage requests and queries. The results can then be sent to the appropriate data asset owners or custodians in your organisation.
Your point of contact should be simple and easy to locate, such as a generic email address published on your department’s website, or a web form asking specific questions to enable fast and accurate assessment of the request. You should also decide on and publish a timescale within which you will reply to queries.
The responsibility is best handled by teams of people, with a range of skills and experience, which can scale to the size of your department.
Simplifying your contact points will save time for other people and help maintain control and oversight of data sharing in your organisation.
As a data sharing practitioner, you should:
- make sure your organisation has contact points for data queries that can be easily located and are not attached to a specific person or people
- implement a system to manage and forward incoming data requests through your contact points
- make it clear what information you need when someone requests data so that it can be triaged efficiently
As a data management specialist, you should:
- include contact information with the data you make available, for example in its metadata or in its cover page if you’re sharing data in a spreadsheet
- make your contact points simple, clear and available, for example on your website, through your data sharing policy, in your GitHub repositories or by adding information to the government Data Standards Catalogue and API Catalogue
As a data requester, you should carefully follow the instructions provided by the organisation you are requesting data from. This is to make sure you provide all the information they need to deal with your query as efficiently as possible.
Example:
The Driver and Vehicle Licensing Agency (DVLA) publishes easy to find and clear information about making a data request, including the team contact email and request forms. This allows those wanting to access DVLA data to quickly identify a starting point and means the queries received from across government can reach the right part of the organisation for next steps.
3. Maximise the value of the data you hold
Data sharing across government is made slower and more difficult when there is a lack of transparency about what data exists and how it can be accessed. It is easier to realise the value of data if you know more about the data you have and who is responsible for it. This also makes it easier for people across government to understand its value and start conversations with you about it.
Make sure your organisation records what data it holds and who is its responsible owner
It should be clear to people who are responsible for the data your organisation holds. Data needs to be fully accounted for, particularly when projects, programmes and services end. Lack of accountability can lead to potentially valuable data not being reused, or being shared inappropriately.
As a data management specialist, you should:
- keep an inventory of the data you hold and establish clear lines of accountability, using metadata standards recommended by CDDO as a guide
- standardise and coordinate how your department maintains your data inventory
Make sure people can discover what data is held by your organisation
Sharing your data across government is slower and more difficult when there is a lack of transparency about what data you have and how it can be used.
Making your data easier to find is a priority of the National Data Strategy. A good way to make your data more discoverable is by creating a data catalogue (also known as a data asset inventory), or contributing to a relevant, existing data catalogue.
Your catalogue or inventory of the data you hold should:
- show how your data can be accessed and, where possible, how it has been used by other departments or organisations in government
- make it clear which data that has previously been shared can be reused for other purposes
- follow metadata standards, to provide useful additional data to help people understand and contact you about your data
- follow the structure of other catalogues across government as closely as possible, to improve discoverability of data across government
- be readable by both humans and machines. It should contain information about data which is useful for both technical and non-technical users.
Your organisation should be maintaining information asset registers to demonstrate compliance with the Data Protection Act 2018. If you don’t have an existing data catalogue, you should consider using your information asset register as a base from which to build one. You should consider incorporating further metadata to make sure that the catalogue describes your data for the people who may want to access it.
As a data management specialist, you should be responsible for your organisation’s data catalogue. You should also make sure data sharing follows methods agreed by your organisation. For example, if your data sets have APIs, listing them on the government API catalogue, or if your data is in CSV format, it complies with the Data Standards Authority (DSA)’s CSV guidance. This will make your data discoverable, while making sure it has contact details attached to it.
Example:
Department for Education (DfE) explains the data it collects, how the data is shared and how it is protected.
DfE also makes it easy for users to see what data is already being shared.
In the National Pupil Database, a central data store for DfE, users can explore what data is held before applying to access the data.
4. Support responsible data sharing
Sharing personal data across government can be seen as a high-risk activity, but you should not be discouraged from sharing this kind of data if there are good reasons to do it.
You should consider data protection law as a way to make sure that you are sharing data responsibly. Data protection law allows you to share data quickly and easily if you follow data protection regulations and avoid unnecessary risks or shortcuts. Further, some sensitive data has special legal protections which may restrict sharing, such as data held by healthcare organisations.
There are practical ways you can share data confidently while protecting people’s privacy, for example working with data protection professionals early in your data sharing process, explaining relevant data sharing laws to your users and collaborating with your users when you create data sharing agreements.
However, it is important to recognise that there will be instances where one party may have a valid reason to not share data. Such instances are infrequent, but may occur due to reasonable security or data protection concerns or restrictions. In these circumstances, the parties involved should seek external support to see if the issues can be resolved, such as from the CDDO’s data sharing advisors. In rare circumstances, escalation to an organisation’s most senior accountable officer for data sharing may be required to make a final decision on progressing a specific data sharing arrangement.
You can share non-personal data with more flexibility than personal data if your organisation has different plans to share different kinds of data in different ways.
This Framework is not intended to address every legal, ethical or security aspect of data sharing. You can find more information about data protection and data ethics by reading:
- the Data Protection Act 2018, which is the UK’s implementation of the General Data Protection Regulation (UK GDPR) and controls how personal information is used by organisations, businesses or the government
- the ICO’s data sharing code of practice, which explains data protection regulations and specifically covers the unique aspects of data sharing in the public sector
- the government Data Ethics Framework, which guides public sector organisations through ethical considerations of using data appropriately and responsibly when planning, implementing, and evaluating new policies or services
- the National Cyber Security Centre (NCSC)’s cyber security guidance, which covers important security and safety issues for storing and sharing data
Get assistance from data protection professionals as soon as you start to consider data sharing
You should consult data protection specialists when you first start to consider accessing or acquiring personal data.
All public sector bodies can get assistance from data protection professionals to advise, assist and lead on key aspects of data protection, as well as determine the appropriate lawful basis, so that you can share data safely, responsibly and legally.
Make it easy for users who want to access your data to identify the laws which allow you to share data
As well as complying with UK GDPR for sharing personal data, when government departments and public bodies share data with each other they must identify a legal power for sharing personal data.
General legal powers may exist in the legislation or charter that established the public sector body which holds the data you want to access.
There may also be specific legislation that grants express powers for government organisations to share data under defined purposes. These express powers are also often known as legal or statutory gateways for sharing data.
As a data sharing practitioner, you should:
- provide clarity about the legal powers which apply to your data assets
- build consistency in the information about your data sharing legal powers you make available, and how you communicate it across government
- focus on using existing legal gateways rather than creating new legislation
- explore whether the data sharing provisions in Part 5 of the Digital Economy Act 2017 provide a legal basis or easier route to a new legal gateway if no other appropriate ones exist
As a senior leader, you should ensure regular assessment of the legal gateways that are the responsibility of your organisation and work to repeal those you no longer need. Reducing the number of legal gateways will make it faster and easier to identify the right legal gateways to use.
Example:
The Department for Education (DfE) publishes an overview of the legal powers they use to share data. They link to the relevant legislation which enables these legal gateways and explain what data they can share with which departments and organisations, as allowed by the legislation.
Make it easy to collaborate on data protection impact assessments and sharing agreements
Data protection impact assessments (DPIAs) and data sharing agreements (including memoranda of understanding for sharing data) are essential for good data sharing governance and building public trust in the government’s use of data. DPIAs show the essential considerations and choices that departments must make when sharing and using specific data.
Working through DPIAs and developing data sharing agreements requires close collaboration between teams and departments in government. Making better use of digital tools will make these processes faster and easier to align.
As a data sharing practitioner, you should:
- allow users on all sides of the data sharing process to see the progress of a DPIA, and who has responsibility for specific parts of it, at any time
- consider digital solutions for developing DPIAs and sharing agreements to improve collaboration, manage version control, centralise storage, improve access to existing documentation and simplify the process for all users
- make sure any template or reusable sharing agreements you create are stored in discoverable and accessible formats, with guidance on how to use them
As a data requester, you should:
- develop your understanding of the request process and what your responsibilities are in it by reviewing documentation that the data source organisation publishes, or by contacting them directly for early advice and guidance
- plan for DPIA and sharing agreement processes, as this is where important decisions about data use are made
- have drafted an overview early in the data acquisition process on what data is needed to meet the objectives of your project or service, how the data will be used and what outcomes are expected from its use
- make sure there is enough time allocated for everyone involved in the process to come together, with the right specialists involved
Make sure users of your data can access important information about existing data protection impact assessments and sharing agreements
Your organisation should make completed DPIAs and sharing agreements, or core information about them, accessible to other public sector bodies when it is appropriate. Being able to access previous DPIAs and agreements reduces duplication of work and means solutions to common challenges can be shared with others.
As a data sharing practitioner, you should:
- make information about completed DPIAs and sharing agreements findable and accessible across government
- make data sharing agreements available to users of the data so that they can assess and manage their compliance
Example:
Leeds City Council (LCC) uses a digital platform to manage its data sharing agreements. LCC shares sensitive data with a wide number of public, third sector and health organisations, who have varying levels of data sharing maturity and resources.
Writing, agreeing and signing sharing agreements with partner organisations was a long and difficult process, requiring a lot of resources to deliver. LCC wanted to streamline its sharing agreement process and make sure it was consistent and standardised across the Council.
All agreements are written, signed, processed, reviewed, and stored on the platform. The platform manages access to the information, and staff only access as much information as they need in relation to their role.
All parties to the sharing agreement are able to securely access the platform to collaborate on the development of agreements. They have visibility of each agreement’s progress and sight of actions that need to be completed or signed off by which party. All communications about the agreement take place through the platform, which means that essential information is available to all who need it.
Having the agreement process in one place makes it easier to collaborate, assure and review developments and documentation. This includes a single, trackable version of each agreement. Data protection officers have clear oversight of all agreements, which helps to simplify risk management. The amount of time and resources given to developing and completing an agreement has been reduced for both the Council and its partners.
Make sure users can easily access non-sensitive or non-personal data
Non-personal and non-sensitive data is a valuable resource for a wide range of uses across government. This kind of data does not generally need the same access restrictions as for personal or sensitive data. You should also consider the security classification of the data, as access restrictions may need to be applied where a Government Security Classification is higher than Official, or where there might be intellectual property implications.
To make sure your non-sensitive and non-personal data is providing as much value as possible, you should make sure it can be accessed easily. Your data should be available in as many ways as your users need, or is relevant to the specific data. You can make your data available to other departments and public bodies by publishing it on your organisation’s website or on GOV.UK.
As a senior leader, you should:
- make it simple and easy for public sector bodies to access your organisation’s non-sensitive and non-personal data by making it a priority of your data strategy
- support your organisation or teams to assess the risks and share non-personal and non-sensitive data, knowing this kind of data is different to sensitive data
As a data management specialist, you should:
- aim to make it easy for users to access your organisation’s non-sensitive or non-personal data
- offer users of your data alternative access options when your risk assessment model will not allow sharing a complete data set, for example, attribute checks or limited datapoint access through an API
- make sure data standards are adopted so that data can be reused by others
As a data sharing practitioner, you should:
- aim to make it easy for users of your data to access your organisation’s non-sensitive or non-personal data
- be flexible in your risk assessment model for non-personal data
- make sure the risk of not sharing your data is explored in your data risk assessment model
Example:
A number of government organisations follow open data principles and publish their non-sensitive and non-personal data when appropriate, making it available for anyone to download and use.
All of Defra’s open data is available on the Data Services Platform and the Department for Levelling Up, Housing and Communities (DLUHC) publishes over 200 data sets under open licences.
5. Make your data findable, accessible, interoperable and reusable
Using common data standards is a very important part of making data findable, accessible, interoperable and reusable across government. Data standards help people to agree and document the content, context and meaning of data. This includes how it is represented, recorded, stored and accessed.
Better findability, accessibility, interoperability and reusability means everybody can get more value from shared data in government and that the data can be shared and used more quickly.
Use data standards to make your data easy to share, compare and combine
As a data management specialist, you should engage with the DSA to find out how it can help you to make your organisation’s data easier to find, access, interoperate and reuse. You can use the DSA’s resources to find recommended data standards, guidance and other useful information such as:
- general guidance and resources for data projects, including the Technology Code of Practice, Service standards and API design guidance
- metadata standards for sharing and publishing data and recording information about your data sets you share with others
- guidance to help you publish reference data for use across government
- a reference architecture to help you develop your organisation’s use of data and APIs
- guidance to help you share data using CSV files
As a data sharing practitioner, you should:
- use practitioner networks to stay up to date on the techniques and mechanisms recommended to share data, and assess the implications for data sharing practice
- consider how data quality and data standards can be built into terms of your sharing agreements
As a senior leader, you should:
- include the role and importance of data standards and data quality in your organisation’s data sharing strategy or plan
- support the adoption of data standards and follow the Service Standard, the Technology Code of Practice and the spend controls process
Example:
To unlock the value of its data, the Geospatial Commission has committed to FAIR principles. They carried out an assessment of the UK’s geospatial data against FAIR principles, then published the findings. In their Annual Plan, the Geospatial Commission sets out the basis of a programme to specify what FAIR means for geospatial data in practice, so that they can make systematic and transparent improvements to UK data.
Summary of actions
Senior leaders
Principle 1: commit to leadership and accountability for data sharing
| Action | Key statement |
|---|---|
| Complete the ONS Data Masterclass for Senior Leaders. | Make data sharing a strategic priority in your organisation |
| Make data sharing a strategic priority in your organisation, considering sharing your organisation’s own data as well as acquisition of cross-government data. | Make data sharing a strategic priority in your organisation |
| Deliver an organisational data sharing policy or plan, setting out how you will implement this Framework and progress greater government-wide alignment of our data sharing governance | Make data sharing a strategic priority in your organisation |
| Support a data risk assessment model that is flexible, does not overestimate risk levels and recognises the impact of not sharing data. | Create a culture that supports people working to solve data sharing problems |
| Deliver continuous improvement programmes for data sharing, working with the Data Standards Authority or other cross-government bodies to identify common problems and solutions | Create a culture that supports people working to solve data sharing problems |
| Take responsibility for delivering strategic data sharing priorities. | Make data sharing a strategic priority in your organisation |
| Champion a positive and solution-focussed culture around data sharing in your organisation and across government. | Create a culture that supports people working to solve data sharing problems |
Principle 4: support responsible
| Action | Key statement |
|---|---|
| Assess whether the legal gateways that your organisation is responsible for are being used, and work to repeal those that are no longer needed. | Make it easy for users who want to access your data to identify the laws which allow you to share data |
| Prioritise simple and easy access for public sector organisations to your organisation’s non-sensitive and non-personal data in your organisation’s data sharing policy or plan | Make sure users can easily access non-sensitive or non-personal data |
Principle 5: make your data findable, accessible, interoperable and reusable
| Action | Key statement |
|---|---|
| Include the role and importance of data standards and data quality in your organisation’s data sharing strategy or plan | Use data standards to make your data easy to share, compare and combine |
Data requesters
Principle 2: make it easy to start data sharing
| Action | Key statement |
|---|---|
| Review and carefully follow the instructions provided by the organisation you are requesting data from | Make it easy for others to contact you about accessing your data |
Principle 4: support responsible data sharing
| Action | Key statement |
|---|---|
| Draft an overview covering what data is needed to meet the objectives of your project or service, how the data will be used and what outcomes are expected from its use, early in the data acquisition process | Make it easy to collaborate on data protection impact assessments and sharing agreements |
| Build sufficient resource for DPIA and sharing agreement/MoU processes into the data acquisition timetable | Make it easy to collaborate on data protection impact assessments and sharing agreements |
Data management specialists
Principle 1: commit to leadership and accountability for data sharing
| Action | Key statement |
|---|---|
| Monitor and report on improvement objectives to help deliver your organisation’s data sharing commitment and internal delivery plan or policy | Create a culture that supports people working to solve data sharing problems |
| Monitor your data sharing processes, identify problems and work to resolve them. | Create a culture that supports people working to solve data sharing problems |
Principle 2: make it easy to start data sharing
| Action | Key statement |
|---|---|
| Make contact points for data sharing queries simple, clear and available; for example, on your website, in metadata, through your data sharing policy, in your GitHub repositories and adding information to relevant government data catalogues such as the Data Standards Catalogue and API Catalogue | Make it easy for others to contact you about accessing your data |
| Make sure requests to access your data are directed to the people or teams who manage and monitor requests, to support responsible data sharing and process monitoring. | Make it easy for others to contact you about accessing your data |
Principle 3: maximise the value of the data you hold
| Action | Key statement |
|---|---|
| Keep an inventory of the data your organisation holds and establish clear lines of accountability that follow metadata standards for sharing and publishing data. | Make sure your organisation records what data it holds and who is its responsible owner |
| Make appropriate data findable across government, through publication under open licences, listing APIs on the government API Catalogue, | Make sure people can discover what data is held by your organisation |
Principle 4: support responsible data sharing
| Action | Key statement |
|---|---|
| Look at alternative access options to sharing a complete data set and working with data differently, such as through attribute checks or limited datapoint access through an API. | Make sure users can easily access non-sensitive or non-personal data |
Principle 5: make your data findable, accessible, interoperable and reusable
| Action | Key statement |
|---|---|
| Make sure any data in CSV format complies with the DSA’s guidance on using the CSV file format. | Use data standards to make your data easy to share, compare and combine |
Data sharing practitioners
Principle 2: make it easy to start data sharing
| Action | Key statement |
|---|---|
| Provide a simple and easily accessible point of contact for starting data sharing conversations with your organisation. | Make it easy for others to contact you about accessing your data |
| Make clear what information is needed from a data requester to start a data sharing conversation. | Make it easy for others to contact you about accessing your data |
Principle 4: support responsible data sharing
| Action | Key statement |
|---|---|
| Provide clarity about the legal gateways that apply to your organisation’s data | Make it easy for users who want to access your data to identify the laws which allow you to share data |
| Work with senior leaders to assess and revise your data risk assessment models, seeking greater alignment across government and enabling faster access to non-personal data. | Make sure users can easily access non-sensitive or non-personal data |
| Implement an escalation process, including access to advice from CDDO, to address any blocks or delays in a priority data sharing process. | |
| Provide transparency to data requesters about their responsibilities and what information is needed to consider and progress a data sharing request. | Make it easy to collaborate on data protection impact assessments and sharing agreements |
| Provide transparency across the DPIA and agreement process, so that everyone’s responsibilities are made clear throughout establishing a data sharing arrangement. | Make it easy to collaborate on data protection impact assessments and sharing agreements |
| Consider a digital tool or platform for cross-organisational collaboration on the development and management of DPIAs and sharing agreements. | Make it easy to collaborate on data protection impact assessments and sharing agreements |
| Make sure any template DPIAs, agreements and MoUs you have are stored in discoverable and accessible formats, with guidance on how to use them. | Make it easy to collaborate on data protection impact assessments and sharing agreements |
| Make information about completed DPIAs and sharing agreements findable and accessible across government, where appropriate. | Make sure users of your data can access important information about existing data protection impact assessments and sharing agreements |
| Make sure the end users of data can access appropriate information from sharing agreements so they can assess and manage compliance with terms. | Make sure users of your data can access important information about existing data protection impact assessments and sharing agreements |
Principle 5: make your data findable, accessible, interoperable and reusable
| Action | Key statement |
|---|---|
| Engage regularly with data sharing teams across government, informally and through communities such as the Data Sharing Practitioners’ Community to share knowledge, experience and good practice. | Use data standards to make your data easy to share, compare and combine |
Contact
data-standards-authority@digital.cabinet-office.gov.uk
Acknowledgements
We are grateful to the Data Standards Authority’s Steering Board and Peer Review Group, Data Sharing Practitioner’s Network, Data Sharing Governance Framework working group, CDO Council, Scottish Government and Welsh Government, and numerous individuals and teams across government and the public sector who contributed time, ideas and experience to the development of this Framework.