Guidance

Data management policy

Updated 28 April 2026

Data Management Policy

The Department for Energy Security and Net Zero (DESNZ) takes the protection of individuals’ and businesses’ data seriously. This policy summarises our approach to managing data used for the production and publication of statistics. It should be used in conjunction with our Confidentiality Policy.

Data acquisition

We endeavour to minimise the burden on data suppliers by only collecting the data we need, by reusing data and using administrative data where possible. Data is transferred to the department from data suppliers using secure transfer procedures such as secure software or password protection. Use of administrative or third party data for statistical purposes is governed by appropriate data sharing arrangements.

Data storage

Data is held in departmental secure IT platforms, including our Cloud Based Analytical Service (CBAS), which is accredited to Official-Sensitive. Access to specific datasets is limited to named individuals using Role Based Access Control. Data transfer in and out of CBAS is encrypted and logged.

Data governance

We have clear governance structures in place to ensure the safe handling of data. All datasets have a senior information asset owner who has overall responsibility for the use, storage and analysis of the data. They have oversight of the individuals who manage the data day to day.

We work closely with our Chief Data Office and our Data Protection Officer and we follow departmental data policies.

Any data breaches are handled in line with the departmental security policy. The Senior Statistics Board reviews relevant data breaches to learn any lessons and ensure sufficient mitigations are in place.

Data capability

All individuals working in the department undertake regular, mandatory UK-GDPR training and a Data Capability Curriculum is available to all staff. In addition, individuals working on data feeding into official statistics will have an induction on data management to ensure they understand the processes in place for the datasets they are working on. Teams regularly review their data handling processes. Data security is an ongoing priority for all teams and built into our ways of working as a default.

Data linking

We sometimes link datasets to increase the value and insight we can gain from our data and to avoid duplication of data collection. For example:

• the National Energy Efficiency Data-Framework (NEED) is formed from linking property level datasets (both administrative and commercial) to provide insight on energy use by domestic properties
• non-domestic NEED is formed from the linking together of three main data sources: building stock data, meter point electricity and gas consumption data, and business characteristics data
• Warm Home Discount (WHD) statistics involve linking WHD administrative data with population characteristics, mainly from NEED
• we link data from the English Housing Survey to households who have received measures under household energy efficiency schemes, so we are able to project the impact of energy efficiency improvements on fuel poverty in the current year

We only link data where we have permission from data owners and, where appropriate, have carried out a Data Protection Impact Assessment for personal data. Linked datasets are stored and handled securely, as set out above.

Data sharing

Any requests for onward data sharing would consider the original basis for collecting the data, the legal gateway and lawful basis for sharing and the purpose. Data sharing is only carried out if the relevant regulations and compliance requirements are met, including UK GDPR, legal obligations, and security standards.  We maintain a log of all data sharing arrangements, which includes a review date, and which is used to monitor and review such arrangements.