Guidance on Using Government Data Effectively, TCoP

Guidance

Make better use of data

Use data more effectively by improving your technology, infrastructure and processes.

From: Government Digital Service and Central Digital and Data Office Published 6 November 2017 Last updated 24 March 2026
— See all updates Get emails about this page Print this page To meet point 10 of the Technology Code of Practice (TCoP), your plans must show you’ve considered:

• how you will manage data throughout its lifecycle
• if any data you need is already available in government in part or in full
• how you collect and use data to continually improve your services
• how you can make your data accessible across government
• how the public can access your data
• how you will meet any relevant regulations If you’re going through the spend control process you must explain how you’re trying to meet point 10.

How making better use of data use will help your programme

Your programme will benefit from:

• saving time and money, by reusing open data that is already available
• reducing the risk of error and fraud, such as using standard identifiers for properties and streets to catch invalid addresses
• infrastructure and services containing consistent information
• a more consistent experience for citizens when they use government services online, which builds trust
• only collecting the data you need and only collecting it once
• making datasets interoperable to make data easier to share within your organisation and across other government organisations

Follow the required data regulations

When using data you must follow the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR).

Make sure you only hold data for specified purposes and consider the:

• Data Ethics Framework when considering ethical issues around using and assessing data
• Open Data Principles
• ICO’s Data Protection Impact Assessment when assessing if you’re following GDPR
• the National Cyber Security Centre’s Protecting bulk personal data guidance
• point 9 of the Service Standard on creating a secure service

Plan how you will manage your data throughout its lifecycle

Make sure your data is not dependent on the lifecycle of your technology or service. Define and manage your data’s lifecycle and storage in line with the rest of your organisation’s data estate so that you can continue to use the data for as long as you need it.

Consider using open standards to make sharing and reusing data easier. You should aim to make any of your data associated with your technology or service reusable by other government organisations. This does not include data that falls under GDPR rules or highly classified data.

Choosing the right technology, processes and training

You will need to choose the right data tools for collecting, storing, analysing, sharing and retiring data. Your choice should take into consideration the skills and capabilities you have within your organisation.

You should make sure your data collection practices meet user needs. You should also make sure your data tools and infrastructure are scalable and encourage collaboration.

Your data tools and infrastructure should:

• be understandable and accessible to staff who need to use them
• help ensure your data is current and accurate

• meet security requirements
  Also consider whether your business processes include:

• training for staff

• recording the data you have and how you share it

• planning for data use across technology and services

• standardising data after collection so it’s easier to make it interoperable

• a purchasing strategy which considers the total cost of a technology tool or service through its full lifecycle

• automated decision making using the Ethics, Transparency and Accountability Framework for Automated Decision-Making

Agreeing and exiting supplier contracts

When you are using a supplier, you should make sure the contract provides you with access to all your data. Your contract must also specify the exit and renewal arrangements for your data. This includes making sure the supplier returns your data:

• in an open data standard format from the underlying database
• through an API that follows the API technical and data standards If you are agreeing a contract of over £20 million, the supplier must provide this API, as outlined in the Model Services Contract guidance.

Storing and standardising your data

The Government’s Data Standards Authority and the Open Standards Board have approved a number of open standards for data for use by the government. Where possible and appropriate, you should use these standards to make it easier to analyse data and share it with other departments.

You should use the API technical and data standards and consider:

• where you will store your data and whether the location meets your organisation’s security requirements
• having a cloud hosting strategy
• making sure your chosen technology is scalable and adaptable for changing requirements
• making sure your data has audit trails that show how individual data records are accessed and updated
• how your organisation uses data and how easy it is to scale areas such as storage to meet your needs

Publishing and sharing your data

Follow the Data Ethics Framework to make sure you’re using data based only on user needs.

Where possible you should work in the open and publish your data. If you plan to publish data, you should consider how you will follow the:

• Open Data Principles to ensure your data is open by default
• government metadata standards to improve data sharing across government
• Information Commissioner’s Office Code of Practice for data sharing to ensure you make the right decisions when sharing personal data
• API technical and data standards and the API design guidance when developing an API to publish your data

• guidance on managing your data for access and reuse
  You should also consider:

• using open standards to make any future data analysis easier, and where appropriate, share data with other departments

• where you publish your data

• how you can share your non-sensitive data to help minimise duplicate data sets

• what data tools and infrastructure you need to keep pace with user needs and encourage collaboration

Archiving, deleting or renewing data

You should only keep data for as long as necessary. You will need to put a process in place to help you decide when to update, delete, retire or archive your data. You should have processes to:

• decide when it is right for your organisation to retire or archive data
• decide what data you can delete and replace with new or updated data
• meet the GDPR requirement to delete an individual’s data on their request
• securely delete data when it’s no longer needed Next: Technology Code of Practice Point 11 - Define your purchasing strategy

Related guides

Policies and guidance available includes:

• Government technology standards and guidance
• Data Ethics Framework
• Publish and use government’s open data
• General Data Protection Regulation (GDPR)
• Data Protection Act 2018
• API technical and data standards
• Open standards for government data and technology
• Open data principles
• Digital Economy Act 2017 part 5: Codes of Practice Published 6 November 2017 Last updated 24 March 2026 show all updates
• 24 March 2026

Updated references to UK GDPR.
2.
21 July 2023

Updated to 2022-2025 digital strategy. Replaced GDPR link with reference to UK law.
3.
31 March 2021

Addition of a temporary research survey to get user feedback on the Technology Code of Practice.
4.
7 December 2020

Updated content to align with the Data Standards Authority.
5.
20 December 2019

This guidance has been updated based on user research and cross-government feedback.
6.
5 October 2018

Addition of content about audit trails
7.
6 November 2017

First published.
Get emails about this page Print this page Contents