Skip to main content
Digital Iceland Frontpage
Digital Iceland Frontpage

Digital Iceland

Principles for Data Governance and Data Sharing

Purpose

Data is a central pillar of modern public administration and a foundation for informed decision making, effective services, and trust in interactions with the public. Without a coordinated approach to how data is handled, shared, and governed, duplication, inconsistency, and unnecessary costs can arise. This can slow progress and reduce the quality of services.

The principles set out below provide a shared framework for how government data is defined, maintained, and used. Their purpose is to support interoperability, quality, and security, clarify accountability, and contribute to simpler and more effective public administration that makes better use of data. They are also intended to guide coordinated approaches in policymaking, development, and procurement.

Digital Iceland has established policies, terms, and technical standards that apply to the development, operation, and integration of information systems. These should be considered and applied where relevant. The principles presented here build on that foundation and offer further guidance to support the effective use of government data.

Principles

1. Data Management and Common Strategy

Principle:
Data should be managed through a coordinated strategy, shared priorities, and clear governance across the public sector.

Implementation:
• A common data strategy and agreed priorities
• Clear governance structures and decision making processes
• Shared principles and requirements followed by participating parties

Why?
A coordinated approach to data governance supports consistency, clear priorities, and efficient development of infrastructure across public administration. Without it, applying these principles in practice becomes more difficult.

2. Single Source of Truth

Principle:
Each data domain should have a clearly defined origin, authoritative source, owner, and responsible party.

Implementation:

  • Data is registered once at the source

  • Data is retrieved rather than copied where possible

  • Clear definitions of source data and authoritative data

Why?
This reduces duplication, errors, and inconsistency, and helps ensure that decisions are based on reliable and shared data. A clearly defined source also supports better data quality and easier reuse.

3. Accountability and Data Ownership

Principle:
Each data source and authoritative register should have a defined data owner responsible for quality, definitions, and access, regardless of where the data is hosted or who operates the technical infrastructure.

Implementation:

  • A clearly defined data owner

  • A defined role for a data steward or data manager

  • A clear chain of accountability and decision making authority

Why?
Clear accountability supports good data practices. Without it, uncertainty can arise around quality, maintenance, and use of data, which may lead to slower decisions, higher costs, and reduced trust. This approach aligns with modern data mesh thinking.

4. Common Glossary and Data Definitions

Principle:
A shared glossary should be used so that key concepts and data definitions are aligned, approved, and maintained over time.

Implementation:

  • A common glossary for key concepts

  • Approved definitions used across institutions

  • Version control and clear processes for changes

Why?
This ensures that data has the same meaning across the public sector. Without shared definitions, the risk of misunderstanding and inconsistent interpretation increases.

5. Data as a Product

Principle:
Data should be treated as a structured and managed product with clear definitions, quality standards, access policies and service level agreements.

Implementation:

  • A clear data portal or other access channel

  • Metadata, a data catalogue, and documentation

  • Defined service levels and accountability

Why?
This approach helps ensure that data is useful in operations, analysis, and development. It encourages treating data as an active part of work rather than a secondary concern. It does not imply that data is sold, but that it is clearly defined, documented, and prepared for reuse.

6. Data Formats and Standards

Principle:
Data should follow common standards, definitions, and master data to support consistency.

Implementation:

  • Common data formats and definitions

  • Standardised master data

  • Version control of data

Why?
Without shared standards, combining data and building automated services becomes more difficult. Consistency is essential for interoperability.

7. Interoperability and Standardised Access

Principle:
Data should be accessible through secure and standardised connections that support interoperability.

Implementation:

  • Use of APIs and data portals as primary access methods

  • A shared interoperability layer such as Straumurinn

  • Access to data in real time or close to real time where possible

Why?
This simplifies integration, reduces costs, and supports faster development of services. The value of data depends on how it is used and shared, not where it is stored.

8. Separation of Ownership, Infrastructure, and Services

Principle:
Responsibility for data, technical operations, and service delivery can be distributed where appropriate.

Implementation:

  • Data ownership remains with the institution

  • Shared infrastructure is used where it is efficient

  • Service delivery can be distributed

Why?
This supports clear accountability while allowing flexibility and efficiency in development and operations.

9. Distributed Data and Shared Infrastructure

Principle:
Data should remain under the stewardship of the originating party, while infrastructure is shared where it provides value.

Implementation:

  • Data remains under the responsibility of institutions

  • Shared infrastructure is used where it is practical and efficient

  • Interoperability is maintained even when infrastructure is not shared

Why?
This approach balances ownership, efficiency, and reduced duplication in development and operations.

10. Traceability and Transparency

Principle:
All actions and access related to data should be traceable.

Implementation:

  • Robust audit logging of data assets

  • Recording of data lineage

  • Appropriate visibility where needed

Why?
Traceability supports trust, accountability, and compliance with evolving legal requirements.

11. Security and Privacy by Design

Principle:
Security and privacy should be considered from the outset and built into all design.

Implementation:

  • Sensitive data is encrypted both at rest and in transit

  • Access control based on defined groups

  • Access granted according to the principle of least privilege

  • Data classified according to the Data Security Classification of the Icelandic government

  • Different data classifications stored in separate solutions

Why?
This reduces risk, supports compliance, and strengthens trust.

12. Metadata and Data Catalogue

Principle:
Data should be registered with metadata in a shared data catalogue.

Implementation:

  • Clear information about what the data is, where it is located, and who is responsible

  • Information on quality and access

  • Consistent registration practices

Why?
Improves transparency, supports ease of use and is a cornerstone of self service.

13. Data Quality and Quality Management

Principle:
Data quality should be monitored and managed, with automation where possible.

Implementation:

  • Defined quality indicators

  • Automated monitoring

  • Processes for correction and improvement

Why?
This supports reliability, helps reduce errors and unnecessary costs.

14. Near-Real Time Data and Event Driven Architecture

Principle:
Data should be updated and shared as close to real time as possible.

Implementation:

  • Event driven information sharing

  • Subscription based access

  • Reduced duplication of data

Why?
This supports timely and well informed decision making.

15. Data Distribution and Charging within the Public Sector

Principle:
Data sharing between public sector entities should generally be free of charge, and fees should not hinder interoperability.

Implementation:

  • Data sharing between public sector entities is generally free

  • Any fees implemented are based on transparent costs

Why?
Charging can create barriers to sharing and reinforce silos. Free or consistent access supports interoperability, reduces duplication, and improves the use of data across public administration.

16. Ownership and Access to Data from Third Parties

Principle:
Data created within solutions developed for the state should be owned by the public sector and accessible without unnecessary barriers or excessive cost.

Implementation:

  • Clear contractual provisions

  • Access provided through a data portal

  • Funding and charges do not restrict data sharing

Why?
This supports independence, reduces costs, and ensures that critical data assets stay within the public sector.


Version: 1.0

These principles shall be reviewed with consideration given to the development of shared infrastructure, policies, and technical standards established by Digital Iceland, ensuring that they remain aligned with the evolution of digital public administration and government information technology.

Last reviewed: 1st July 2026