Principles for Data Governance and Data Sharing
Purpose
Data is a central pillar of modern public administration and a foundation for informed decision making, effective services, and trust in interactions with the public. Without a coordinated approach to how data is handled, shared, and governed, duplication, inconsistency, and unnecessary costs can arise. This can slow progress and reduce the quality of services.
The principles set out below provide a shared framework for how government data is defined, maintained, and used. Their purpose is to support interoperability, quality, and security, clarify accountability, and contribute to simpler and more effective public administration that makes better use of data. They are also intended to guide coordinated approaches in policymaking, development, and procurement.
Digital Iceland has established policies, terms, and technical standards that apply to the development, operation, and integration of information systems. These should be considered and applied where relevant. The principles presented here build on that foundation and offer further guidance to support the effective use of government data.
Principles
1. Data Management and Common Strategy
Principle:
Data should be managed through a coordinated strategy, shared priorities, and clear governance across the public sector.
Implementation:
• A common data strategy and agreed priorities
• Clear governance structures and decision making processes
• Shared principles and requirements followed by participating parties
Why?
A coordinated approach to data governance supports consistency, clear priorities, and efficient development of infrastructure across public administration. Without it, applying these principles in practice becomes more difficult.
2. Single Source of Truth
Principle:
Each data domain should have a clearly defined origin, authoritative source, owner, and responsible party.
Implementation:
Data is registered once at the source
Data is retrieved rather than copied where possible
Clear definitions of source data and authoritative data
Why?
This reduces duplication, errors, and inconsistency, and helps ensure that decisions are based on reliable and shared data. A clearly defined source also supports better data quality and easier reuse.
3. Accountability and Data Ownership
Principle:
Each data source and authoritative register should have a defined data owner responsible for quality, definitions, and access, regardless of where the data is hosted or who operates the technical infrastructure.
Implementation:
A clearly defined data owner
A defined role for a data steward or data manager
A clear chain of accountability and decision making authority
Why?
Clear accountability supports good data practices. Without it, uncertainty can arise around quality, maintenance, and use of data, which may lead to slower decisions, higher costs, and reduced trust. This approach aligns with modern data mesh thinking.
4. Common Glossary and Data Definitions
Principle:
A shared glossary should be used so that key concepts and data definitions are aligned, approved, and maintained over time.
Implementation:
A common glossary for key concepts
Approved definitions used across institutions
Version control and clear processes for changes
Why?
This ensures that data has the same meaning across the public sector. Without shared definitions, the risk of misunderstanding and inconsistent interpretation increases.
5. Data as a Product
Principle:
Data should be treated as a structured and managed product with clear definitions, quality standards, access policies and service level agreements.
Implementation:
A clear data portal or other access channel
Metadata, a data catalogue, and documentation
Defined service levels and accountability
Why?
This approach helps ensure that data is useful in operations, analysis, and development. It encourages treating data as an active part of work rather than a secondary concern. It does not imply that data is sold, but that it is clearly defined, documented, and prepared for reuse.
6. Data Formats and Standards
Principle:
Data should follow common standards, definitions, and master data to support consistency.
Implementation:
Common data formats and definitions
Standardised master data
Version control of data
Why?
Without shared standards, combining data and building automated services becomes more difficult. Consistency is essential for interoperability.
7. Interoperability and Standardised Access
Principle:
Data should be accessible through secure and standardised connections that support interoperability.
Implementation:
Use of APIs and data portals as primary access methods
A shared interoperability layer such as Straumurinn
Access to data in real time or close to real time where possible
Why?
This simplifies integration, reduces costs, and supports faster development of services. The value of data depends on how it is used and shared, not where it is stored.
8. Separation of Ownership, Infrastructure, and Services
Principle:
Responsibility for data, technical operations, and service delivery can be distributed where appropriate.
Implementation:
Data ownership remains with the institution
Shared infrastructure is used where it is efficient
Service delivery can be distributed
Why?
This supports clear accountability while allowing flexibility and efficiency in development and operations.
9. Distributed Data and Shared Infrastructure
Principle:
Data should remain under the stewardship of the originating party, while infrastructure is shared where it provides value.
Implementation:
Data remains under the responsibility of institutions
Shared infrastructure is used where it is practical and efficient
Interoperability is maintained even when infrastructure is not shared
Why?
This approach balances ownership, efficiency, and reduced duplication in development and operations.
10. Traceability and Transparency
Principle:
All actions and access related to data should be traceable.
Implementation:
Robust audit logging of data assets
Recording of data lineage
Appropriate visibility where needed
Why?
Traceability supports trust, accountability, and compliance with evolving legal requirements.
11. Security and Privacy by Design
Principle:
Security and privacy should be considered from the outset and built into all design.
Implementation:
Sensitive data is encrypted both at rest and in transit
Access control based on defined groups
Access granted according to the principle of least privilege
Data classified according to the Data Security Classification of the Icelandic government
Different data classifications stored in separate solutions
Why?
This reduces risk, supports compliance, and strengthens trust.
12. Metadata and Data Catalogue
Principle:
Data should be registered with metadata in a shared data catalogue.
Implementation:
Clear information about what the data is, where it is located, and who is responsible
Information on quality and access
Consistent registration practices
Why?
Improves transparency, supports ease of use and is a cornerstone of self service.
13. Data Quality and Quality Management
Principle:
Data quality should be monitored and managed, with automation where possible.
Implementation:
Defined quality indicators
Automated monitoring
Processes for correction and improvement
Why?
This supports reliability, helps reduce errors and unnecessary costs.
14. Near-Real Time Data and Event Driven Architecture
Principle:
Data should be updated and shared as close to real time as possible.
Implementation:
Event driven information sharing
Subscription based access
Reduced duplication of data
Why?
This supports timely and well informed decision making.
15. Data Distribution and Charging within the Public Sector
Principle:
Data sharing between public sector entities should generally be free of charge, and fees should not hinder interoperability.
Implementation:
Data sharing between public sector entities is generally free
Any fees implemented are based on transparent costs
Why?
Charging can create barriers to sharing and reinforce silos. Free or consistent access supports interoperability, reduces duplication, and improves the use of data across public administration.
16. Ownership and Access to Data from Third Parties
Principle:
Data created within solutions developed for the state should be owned by the public sector and accessible without unnecessary barriers or excessive cost.
Implementation:
Clear contractual provisions
Access provided through a data portal
Funding and charges do not restrict data sharing
Why?
This supports independence, reduces costs, and ensures that critical data assets stay within the public sector.
Version: 1.0
These principles shall be reviewed with consideration given to the development of shared infrastructure, policies, and technical standards established by Digital Iceland, ensuring that they remain aligned with the evolution of digital public administration and government information technology.
Last reviewed: 1st July 2026
