Building data infrastructure for personal data

Personal data is data that can be used to identify an individual. This could be their name, address, date or country of birth, bank details or National Insurance number. The way personal data is used and stored is protected by lots of legislation, including the Data Protection Act 1998.

How government uses personal data

Government departments and agencies often collect personal data to allow users to complete transactions and access services. For example renewing a passport, applying for a driving licence, claiming benefits or ordering a copy of a birth certificate.

Around 1.5 billion of these transactions happen every year, and a large number of them can only be successfully completed if the department or agency running the service can verify the identity of their user and check they qualify for the service they are providing.

Often the data government needs in order to deliver the right service to specific users does not all live within one organisation. This puts a burden on users, who then have to prove their identity and eligibility multiple times to different departments.

Traditionally, users have to prove their identity and eligibility by obtaining documents from various organisations and providers. These are often in paper form. Collecting, sending and validating these documents can be a time consuming and difficult process for both the user and the service provider.

What we’re going to do

Making things better will require better infrastructure for teams building these services. This is part of the broader data infrastructure work we’re doing which includes open registers and the transformation of We’re a fairly new team within GDS exploring the best ways to:

  • standardise processes around how personal data is reused, and build trusted and reusable tools to help departments and agencies follow them
  • ensure any tools we develop are transparent and offer choice where possible
  • help departments automate and digitise existing services reducing the time, cost and risk of recollecting, copying, storing and matching data

Query-based eligibility assessments

Eligibility assessments are when a department or agency checks that a user qualifies for something based on criteria such as their age, address or other status. As they’re one of the main reasons why personal data might be collected and shared between departments and agencies, we’ve decided to look at that first.  

GOV.UK Verify addresses the challenge of proving your identity to government digitally. We are focused on addressing data access to prove eligibility across departmental boundaries.

There’s lots of work to be done and we’ll have more to say about it over the next few weeks. For starters, we’re exploring how eligibility assessments can be made with no or minimal data sharing and user driven choice.


  1. Comment by Ian Litton posted on

    Great blog. The Warwickshire Blue Badge work ( shows a real need for this, customer appetite, huge potential benefits, and sets out an open standards solution. Looking forward to hearing more

  2. Comment by Phil Allen posted on

    Thanks, Irina
    > For starters, we’re exploring how eligibility assessments can be made with no or minimal data sharing
    In that regard, why return attributes to the (relying) service provider? Why not send the criteria to the attribute exchange hub?
    (User consent might remain the same, i.e. all the attributes needed for the query.)


Leave a comment

We only ask for your email address so we know you're a real person