Government is entering a new phase of modernising public services. Central to this plan is making it easier for different government departments to safely share information and use common digital systems. This helps services work better together, enabling faster, more joined-up support for citizens and civil servants who need it.
Over the past year, the Government Digital Service (GDS) has created a roadmap for modern digital government showing how new digital tools will improve services across government. The aim is to make everyday tasks, such as accessing benefits, renewing documents, or finding information, quicker, simpler, and more reliable.
Building on strong foundationsThe Data Protection Act 2018 and UK GDPR provide robust safeguards for all personal data held by government. These protections apply equally to everyone, ensuring that personal information is handled lawfully, fairly and securely.
To support the government's ambition for better joined-up services, the Office of the Chief Digital Officer (OCDO) has published the Principles for Securing Personal Data in Government Services. This guidance builds on existing data protection law to provide practical direction for teams developing a system or service that processes or shares personal data.
Why we developed these principlesWhen government departments share data effectively, they can deliver better outcomes, more efficient public services, and reduced burden on citizens who shouldn't need to provide the same information multiple times.
These principles focus on the operational challenges of managing datasets containing personal information that departments need to deliver essential services, such as managing benefits payments, tax, health records and vehicle and driver records.
The principles provide consistent standards that give teams confidence when sharing data across organisational boundaries, ensuring that the benefits of better-connected services are realised ethically and securely.
The ten principles at a glanceThe guidance sets out ten principles for securing personal data in government services:
Plan your response to incidents before they occur – maintain robust plans to detect, respond to and recover from any data incidents quickly and effectively. Minimise data exposure when sharing – share only the personal data that's genuinely needed for the specific purpose. Secure your supply chain – ensure third-party suppliers and partners maintain equivalent security standards when handling government data. Process data lawfully and ethically – handle personal data in line with legal requirements and ethical expectations, with clear justification for its use. Know who owns and is accountable for your data – establish clear accountability for each dataset, including responsibility for its protection and governance. Apply appropriate security controls – match security measures to the sensitivity and scale of the data being protected. Enhance privacy when combining data sources – use privacy-preserving techniques when linking datasets to protect individual identities. Use appropriate identifiers when matching data – handle personal identifiers carefully and proportionately. Consider the needs of all individuals – ensure security measures account for everyone, including those who may be in vulnerable circumstances. Ensure your team has the right skills and clearances – staff handling personal data must have appropriate training, expertise and security clearances for their role.These principles support secure-by-design practices and provide the foundation for trusted, effective data sharing across government.
How the principles were developedOur approach has been collaborative, bringing together GDS internal teams and colleagues across government with expertise in personal data management.
We worked closely with the Cabinet Office Government Security Group and experts from the National Cyber Security Centre through a series of meetings and workshops. Together, we defined what teams needed, scoped out the guidance, and produced a first draft.
Following that, we undertook a consultation period of over ten months with external stakeholders, including the Information Commissioner's Office, the wider data protection and cyber security communities across government, and representatives from the National Security community.
We tested the principles against actual data sharing use cases between large data-led departments including ONS, DWP and HMRC. After several iterations, the final draft was approved by GDS and published on GOV.UK.
What we're asking of youSenior leaders, delivery teams and data professionals across government are encouraged to adopt these principles as the foundation for secure, trusted services. Applying them early and consistently will support effective data sharing and help teams work confidently across organisational boundaries.
Leaders should champion these principles across their organisations, embed secure-by-design practices, and ensure teams have the skills and governance structures needed to maintain high standards.
By working together, we can ensure that government continues to use personal data responsibly, enabling better public services while maintaining the trust that citizens place in us.
https://dataingovernment.blog.gov.uk/2026/02/27/securing-personal-data-across-government/
seen at 14:46, 27 February in Data in government.