Guidance

Make better use of data

Use data more effectively by improving your technology, infrastructure and processes.

To meet point 10 of the Technology Code of Practice your plans must show you’ve considered the data lifecycle.

If you’re going through the spend control process you must explain how you’re meeting point 10. If you cannot meet this point you must tell the spend control team your reasons.

How improving data use will help your programme

Improve how you use and manage data to:

  • save time and money, by reusing open data that is already available
  • make sure infrastructure and services contain consistent information
  • give your users a more consistent experience when using government services online, which builds trust
  • minimise data collection and duplication
  • make datasets interoperable which will increase opportunities for data use

Follow the required data regulations

When using data you must follow the EU General Data Protection Regulation (GDPR) that came into force on 25 May 2018. More information on GDPR is available in point 7 of the Technology Code of Practice and the ICO’s Guide to the General Data Protection Regulation (GDPR).

You must also:

How your programme can make better use of data

Here are some best practices for collecting, storing, analysing and sharing data from other departments, other governments and other sectors.

Getting the right technology, processes and training

Make sure your data collection practices, data tools and infrastructure meet user needs, are scalable and encourage collaboration. Also consider the following questions:

  1. Do you have the right tools to capture and store the data you need?
  2. Are your processes for data collection ethical and transparent?
  3. Are your processes for data collection secure?
  4. Have you chosen the most efficient data collection processes for the data you need?
  5. Do staff have the skills they need or do you need to arrange training?
  6. Does the way you do data entry ensure data accuracy and trust?
  7. Do you standardise the data after collection so it is easier to create interoperable data?
  8. Does the data have an assigned owner?
  9. Do you need to anonymise your data to make it non-attributable?

Storing and maintaining your data

Make sure you secure your data tools and infrastructure and hold it for specified purposes to comply with:

You should also make sure that newly collected data is easily accessible to APIs for future use. Consider the following questions:

  1. Where is your data stored and does the location meet your organisation’s security requirements and meet guidance on moving data outside of the UK?
  2. Do you follow the Data Protection Act 2018?
  3. Have you considered whether to use cloud technology, data centres such as Crown Hosting, or on-premise networks?
  4. Does your technology meet the required standards and is it scalable/flexible?
  5. Is your technology set up according to data security best practice?
  6. Does any of your data have protected characteristics that needs encryption or more secure storage?
  7. Are your security processes regularly reviewed and updated?
  8. Is you technology compliant with privacy law GDPR?
  9. Do you use Open Standards and clear processes to make sure you can analyse, and where appropriate, share data with other departments?
  10. Do you have processes to make sure data is stored and accessed in line with the GDPR?
  11. Do your processes make it easy to keep data current and accurate?
  12. Does your data have clear audit trails that clearly show how individual data records are accessed and updated?
  13. Do you have the right amount of storage for the volume of data your organisation processes, or a way to scale your storage as data usage changes?

Using and publishing your data

Follow the Data Ethics Framework to make sure you’re using data efficiently and based only on user needs. Consider the following questions:

  1. Where will you publish your data?
  2. How can you share your non-sensitive data to minimise duplicate data sets?
  3. How can you choose data tools and infrastructure that keep pace with user needs, are scalable and encourage collaboration?
  4. Do you use open standards and patterns to make it is easier to analyse data, and where appropriate, share it with other departments?

You can use scientific analysis and conduct A/B testing to help make data driven decisions. For example, how the Government Digital Service used data to improve content and user journeys on GOV.UK.

When you’re publishing data, make it open by default and follow the Open Data Principles. Also consider these questions:

  1. Do you have processes and safeguards to check what data you publish and how you keep your sensitive data safe?
  2. Do you follow the Information Commissioner’s Office Code of Practice for data sharing? (Please be aware that the ICO is in the process of updating this guidance)
  3. Do you use the API technical and data standards and the government’s API catalogue?

Archiving, deleting or renewing data

You should check where your data is in its lifecycle and only keep data for as long as necessary. You should consider these questions:

  1. Is there a process in place to decide when it is right for your organisation to retire or archive data?
  2. Is there a process in place to decide what data you can delete and replace with new or updated data?
  3. Is there a process in place that meets the GDPR requirement to delete an individual’s data on their request?
  4. Do you have a process for securely deleting data when it’s no longer needed?

Policies and guidance available includes:

Published 6 November 2017
Last updated 20 December 2019 + show all updates
  1. This guidance has been updated based on user research and cross-government feedback.

  2. Addition of content about audit trails

  3. First published.