UK Defence Sector Data Rules: 6 Ways to Ensure Compliance

By Gianthomas Volpe

Published on March 28, 2023

UK defence sector soldier ensuring compliance while inputing data into his computer in his workspace

With data becoming more prevalent in every industry, organisations have to determine how to not only manage it but also drive value from it. The defence industry is no exception.

That’s why the UK Ministry of Defence’s (‘MoD’) published the Data Strategy for Defence which for the first time presented a clear vision for gathering, collating, and harnessing data by defence sector partners.

The MoD identify three key issues: firstly, that

‘Defence data operates in contractual, technical and behavioural silos’.
The sector has ‘a complex business model, with unclear accountabilities, presenting additional challenges for data curation and exploitation’.
‘Culturally, defence lacks recognition over the importance of data’.

Acknowledging how data is being effectively harnessed for commercial and operational benefit in other sectors, the strategy offers a detailed plan to make data ‘an enduring, strategic asset’, with clear outcomes to be achieved and six data defence rules.

These are rules for the whole sector to adhere to, including all MoD partners. Every organisation has a responsibility to:

Exercise sovereignty over data, including accountability and ownership
Standardise data across the defence landscape
Exploit data at the most effective and relevant point in the value chain
Secure digital data at creation and curation when handling, storing, and transmitting
Curate data, ensuring it is assured, discoverable and interoperable
Endure data as an asset beyond individual projects

What does that mean for your business? Here’s how to ensure compliance with these rules.

1. Sovereignty

Data sovereignty covers accountability and ownership. Businesses must establish what data they have, where it is stored, and how it is being used. It also means the establishment of clear policies around data which are always followed, irrespective of who has access to it.

Every individual must be able to trust the data they use, meaning individuals must take responsibility for their data and be accountable for it, beyond solely sharing it. A system that recognises certain people as accountable for curating and stewarding data helps ensure all people who access this data can trust it. Central to this is a culture where decisions are made based solely on data, rather than gut feel, seniority, or consensus.

Introduced in late 2021 by the EDM Council, The Cloud Data Management Framework (CDMC), sets out best practices and capabilities for data management challenges in the cloud. These cover managing and protecting cloud data, migrating it securely to the cloud, and harnessing automation and technology for optimised data management.

2. Standardising data

Standardisation entails the removal of data silos and bringing data together into a single access point, complying with all relevant industry, governmental, and technical standards.

Central to this is a uniform technology architecture, where individuals can access and interpret data for organisational benefit. Standardisation will also ensure easy reuse of data, by storing it consistently, with a single, authoritative source.

The key here is to harness the power of data quality technology to create an up-to-date, authoritative version of each dataset, with rules and policies which standardise data formats and alert users to anomalies in real time. Multiple users can then access the data in a readily usable format, as many times as is needed.

3. Exploiting data

Properly managed and interpreted, data can deliver enormous value. For this to happen, it must be effectively shared rather than simply available on a ‘need to know’ basis. Teams and individuals should have a single place to find, understand, use, re-use, govern, and collaborate around data.

A frictionless business model will enable a range of users to rapidly access the data for which they are authorised (and no more) then harness its power for commercial and operational gain.

Businesses must ensure data is FAIR: findable, accessible, interoperable, and reusable, through the use of software solutions. The acronym and principles were defined in a 2016 paper in the journal Scientific Data by a consortium of leading scientists and organisations and are widely viewed today as the benchmark for effective data governance.

4. Securing data

For both regulatory and ethical reasons, data must be fit for purpose, trusted, and secured digitally from the moment it is generated until the time it is removed.

Organisations have clear responsibilities around gathering, storing, and using data, especially personal data. GDPR is a universal requirement, but many sectors have their own local and international standards, too.

Companies which fall short in this area are at risk of data breaches and fines, as well as reputational damage if found to be culpable over poor practice.

For access and security to be sufficient, datasets need to be united. Storing data in the cloud expands in-house network capacity and enables access for all relevant people with the correct permissions, wherever they are based and whenever they need it. A properly managed cloud system provides a complete repository for all data, facilitating search and discovery, literacy, governance, self-service analytics, cloud transformation, digital transformation, and privacy, risk and compliance.

5. Curating data

Data curation involves organising and managing data to meet the needs and interests of a specific group of people — making data easy to find, understand and access.

All data must be cleansed, validated and then formatted so it can be understood and used organisation-wide. Data must be packaged with helpful metadata to support these goals, and the creation of rules and access guidelines for data depending on an individual’s role.

A system that recognises certain people as accountable for curating and stewarding data helps ensure all people who access data can trust it. Data stewards are responsible for ensuring that data assets are used effectively; as subject matter experts, they act as data trustees. The role of a data steward encompasses creating and managing core metadata such as a business glossary, documenting rules and standards, managing data quality, and operationalising governance.

6. Enduring data

Data is an enduring asset and capability, not just a resource. It persists beyond the life of a project, so it must be properly managed. When effectively stored, curated and shared it can deliver value for an organisation many times over.

For data to become an enduring asset, appropriate organisational culture — a data culture — is critical. Every individual must respect data and its role, and receive data literacy training appropriate to their own role and data responsibilities. Data ownership should be championed and those responsible for data should be accountable for ensuring it is well-managed and curated — stored correctly, updated when needed and readily accessible.

This will ensure it is always FAIR, fit for purpose, and available to those who need it.

The role of a data catalog

Those seeking to harness the power of data and accelerate their data strategy and comply with the six rules set out in the Data Strategy for Defence need to put in place the right tools for gathering, collating, accessing, using, and maintaining data. One tool that can play a central role in all these areas is a data catalog.

A data catalog can ensure that data is gleaned from across the organisation and is easy to find and access, in a form that users can understand and meets the needs of those individuals and teams who need to access and use it.

It will overcome the challenges posed by data silos by ensuring that data is: