Safeguarding personal information: the role of data protection in the public-sector

In today’s digital age, data is a valuable resource. So valuable that cyber security has become one of the biggest challenges to organisations in the contemporary world.

In 2017, a major cyber-attack on the NHS in England and Scotland¹ caused widespread disruption. The same year, the government’s digital service fell victim to its own breach, during which public usernames and email addresses were shared online².

Attacks like these mean that those in charge of the storage and processing of sensitive data must comply with legislative requirements, as set out in their country or region.

Navigating the digital age

Recent changes to UK and EU law add further weight to the argument for the prioritisation of data protection in the public-sector. While the law may not necessarily apply on a global scale, it’s an opportunity for public-sector organisations to learn how to better protect constituent data and enhance their service to local communities.

Introduced in May 2018 and designed to give individual’s more rights over their personal data, the General Data Protection Regulation (GDPR) comes at a time when virtually every aspect of modern life can be carried out online. It replaces legislation last updated twenty years ago and reflects the changing landscape and increased importance of data protection in the digital age.

Like any organisation that deals with personal information, UK public-sector bodies incorporate GDPR and a wider awareness of data protection into the way they work. Since its ransomware attack, the NHS has taken steps to improve resilience against future hacks, such as producing a ‘Cyber Handbook’ and undertaking 190 independent on-site cyber assessments of NHS Trusts³.

Building data protection into public sector management

So, how should professionals who work in the public-sector approach the responsibility of data protection?

One of the first steps is to establish an awareness of the types of information that flow within public-sector organisations and how they must be handled. This will enable the ability to create and implement secure information infrastructures that are accountable, easy to navigate and connected to other key systems. 

Recommended read: What can the collapse of Carillion teach the public-sector about commercialisation?

Acknowledging the need for better information management and collaboration between public-sector bodies, the UK Digital Strategy aims to create “one of the most digitally skilled populations of civil servants in the world” and lead digital change “in a way that is secure, with privacy and security considerations throughout every component and platform.”  

Incorporating data protection within every connected digital process can help public servants achieve a secure information framework.

Creating safe digital services that put the public first

Of course, the whole idea behind the digitisation of public services is to put the needs of citizens first. Personal data helps facilitate these systems, but user convenience should never come at the expense of data security.

UK think tank, Institute for Government, has published a set of guidelines on improving the management of digital government. This includes the recommendation that citizens should not need to repeatedly inform various parts of the state of their details in order to get access to services.”

This is something public services elsewhere in the world have already achieved. In Estonia, the law states that departments must look for data across different databases before asking citizens to repeatedly supply it⁶. Meanwhile in Singapore, a one-stop data platform automatically fills out government e-forms, enabling citizens there to apply quickly and easily for services such as education, benefits and housing schemes⁷.

Ideally, the public-sector should be interconnected to the extent that citizens are recognised and remembered, but with no shortfall in data protection. Infrastructure like this may still be a way off - but understanding benchmarks like these can keep data protection at the forefront of public servants’ minds.

The role of data protection in the public-sector is an important and ever-evolving topic, and one that is covered by our 100% Online Masters of Public Administration. Exploring the latest developments in the gathering, processing and dissemination of data within the public-sector can give you the digital awareness you need to make positive changes in your career. Download our brochure to find out more. 


  1. UNKNOWN. (2017) NHS ‘Could Have Prevented’ WannaCry Ransomware Attack [online] Available at: [Accessed 20.09.2018]
  2. UNKNOWN (2017) Government Data Site User Details Leak [online] Available at: [Accessed 03.10.2018]
  3. SMART, W. (2018) Lessons Learned Review of the WannaCry Ransomware Cyber Attack [online] Available at: [Accessed 20.09.18]
  4. DEPARTMENT FOR DIGITAL, CULTURE, MEDIA & SPORT (2017) Digital Government – Maintaining the UK Government as a World Leader in Serving its Citizens Online [online] Available at [Accessed 21.09.18]
  5. THORNTON, D. & CAMPBELL, L. (2017) Improving the Management of Digital Government [online] Available at [Accessed 21.09.18]
  6. THORNTON, D. & CAMPBELL, L. (2017) Improving the Management of Digital Government [online] Available at [Accessed 21.09.18]
  7. UNKNOWN. (2018) Initiatives: MyInfo [online] Available at [Accessed 03.10.18]

Add your comment