The ICO exists to empower you through information.

We developed our data strategy in three phases.

1 Discover

In this stage, we completed a current state data maturity assessment across existing capability and explored ambitions towards our future desired state. This provided us with an understanding of where we are today and how data can enable our future role as a regulator.

2 Define

In this stage, we defined the key components of the strategy, identified the initiatives and outlined the required capabilities to drive real value in a rapidly evolving environment. This work included:

  • a gap analysis between the current and future state;
  • identification of business needs; and
  • definition of the pillars of our foundational capabilities along with initial high priority use cases.

In January 2024, we published the first draft of our data strategy on our website as part of a public consultation. We have carefully considered this feedback whilst developing this final version of our strategy.

3 Plan

Since the end of the public consultation in March 2024, we focused on building an actionable plan to implement the data strategy and deliver the required capabilities and value. As with all long-term planning activities, this sets the broad approach while leaving sufficient flexibility to adjust activities based on changing priorities, external impacts and acquired learning.

Delivery team and governance

We developed the data strategy with The Oakland Group, an established data strategy, engineering, governance and analytics consultancy, following a competitive tender. The work was led by our Digital, Data & Technology (DDaT) team, supported by Transformation and Delivery (T&D) and aided by a programme steering group made up of colleagues from across the organisation. We took particular guidance from our Data Analysis Network (the DAN), a grassroots organisation of people working in data roles or with a keen interest in the use of data. We also took input from our Executive Team and Management Board.

Data maturity assessment

“An organisation’s data maturity – its capability, effectiveness and readiness to use data – is fundamental to achieving its strategic, operational and corporate priorities.”

Central Digital and Data Office 

We started by establishing a baseline for our current data maturity. For this, we chose to use the emerging standard for data maturity measurement in the public sector: Data Maturity Assessment for Government (DMAG).

We collected evidence using three methods: survey, workshops and interviews. This involved colleagues across all employment grades and from almost all departments. Using three methods to collect evidence gave a more robust result and allowed us to obtain quantitative and qualitative outputs.

The Data maturity assessment looked at 10 capability areas and was assessed against five maturity levels: beginning, emerging, learning, developing and mastering.

The Data maturity assessment identified that we had ‘emerging’ maturity across six of the 10 capability areas. In two areas (Protecting your data and Taking responsibility for data) maturity was higher, at the ‘learning’ level. In two areas (Knowing the data you have and Managing and using data ethically) we were at the lower ‘beginning’ level.

10 Taking responsibility for data 3 - Learning Developing - score four out of five
Topic Current state Future state
1 Engaging with others emerging - score of two out of five Learning - score 3 our of five
2 Having the right data skills and knowledge 2 - Emerging Developing - score 4 out of 5
3 Having the right systems 2 - Emerging Developing - score 4 out of 5
4 Knowing the data you have 1 - Beginning Learning - score 3 our of five
5 Making decisions with data 2 - Emerging Learning - score 3 our of five
6 Managing and using data ethically 1 - Beginning Learning - score 3 our of five
7 Managing your data 2 - Emerging Learning - score 3 our of five
8 Protecting your data 3 - Learning Mastering - score five our of five
9 Setting your data direction 2 - Emerging Developing - score four out of five

Alongside this quantitative measure, we collected a rich set of qualitative insights on areas ranging from data quality, governance, skills, culture and technical capabilities. This identified a number of strengths, including:

  • a clear cloud adoption path;
  • early use of AI;
  • pockets of data skills and best practice;
  • strong governance and commitment to compliance;
  • leadership support for and investment in data capability; and
  • a passionate DAN.

We have also expanded data visualisation across the organisation, as outlined in case study two, below:

Data visualisation

We have been able to translate data into insight using powerful, interactive data visualisation tools. Through using such technology, people can review key performance information, and drill-down to answer questions such as 'how are we doing?', and 'are we meeting our KPIs?'. This insight provides people with the capability to make data-led decisions, and to determine the next actions to take to improve efficiency and effectiveness.

We believe that, through using data visualisation technology, and data storytelling skills, we can use enriched data to spot emerging trends and become more proactive with our decision making. People within our organisation are now using analytics products based on data visualisation and business intelligence technologies, such as Microsoft Power BI. These help colleagues to explore and evaluate the priority of new work requests, using this insight to make decisions on where to prioritise our finite resources to ensure maximum value for our customers.

We are on the start of our data visualisation and storytelling journey. In the future, we intend to explore opportunities for increased proactive disclosure, using nuisance call and messages, and cookie banner data as one example. Additionally, by sharing insight around our complaints data, we can empower external organisations to proactively address potential issues and improve their compliance stance.

There were more challenging insights from this research :

  • Strategy and planning drive data collection, rather than vice versa. We gather and store a lot of data, however we only use it as evidence to inform decision making in limited pockets.
  • The hierarchical and siloed data asset structure leads to no centralised framework for data governance. Data governance practices are not consistently applied, and when they are, it is at document rather than data element level.
  • Data ownership is mainly aligned to existing governance structures. These silos drive inconsistency in reporting and prevent standardisation.
  • A lack of enterprise-wide dictionaries or catalogues leads to inconsistency in the way we record and categorise data.
  • There is a widespread desire to make data-driven decisions, however, the ability to do this is limited due to the lack of comprehensive data sets.
  • Whilst there are instances of good practice, responsibility for mitigating bias and transparency of data processing is unclear.
  • Data literacy across our organisation is mixed, without clear value on data skills for those outside data specialist roles.
  • There is some siloed working and lack of data sharing across our organisation. A culture of ‘data gatekeeping’ is a barrier to sharing.
  • Data protection (DP) is recognised as critical across our organisation. There is an indication that attitudes to DP and cultural risk aversion could be a barrier to progress and innovation.
  • Compatibility between tools has not been adequately considered or implemented. We don’t always use the correct data tools effectively, consistently or efficiently.

First strategy and public consultation

In January 2024, we published the first version of our Enterprise Data Strategy for public consultation. We also consulted internally and met with a small number of organisations to receive direct feedback on our plans. This feedback has informed our updated strategy.

Please see Appendix One – Responses to the Consultation on Our Five-Year Data Strategy (2024 –2029).