Guidance

Designing your connected place to protect its data

Updated 10 July 2023

This was published under the 2019 to 2022 Johnson Conservative government

Connected places collect and process huge amounts of data, which comes with its own risks. It is important that connected places project leaders/managers, IT professionals, cyber security leads and those managing and processing users’ information understand what data their connected place collects and where it is stored, and have confidence that it is being stored and transported securely. The following guidance outlines key things to consider and the current best practice. It may be particularly relevant to data officers or individuals with responsibility for managing your organisation's data.

This guidance is relevant to:

  • Connected places project leaders/managers
  • IT professionals
  • Cyber security leads
  • Information managers, processors and users

Protecting Bulk Personal Data

Owner: National Cyber Security Centre

About this guidance: This guidance outlines 15 good practice measures for the protection of bulk data held by digital services. It gives connected places project leaders/managers, IT professionals and cyber security leads advice on what to look out for in how your system is designed, implemented and operated, to help protect the bulk data it holds.


Security-Minded Approach to Open and Shared Data

Owner: Centre for the Protection of National Infrastructure

About this guidance: This guidance provides a framework on how connected places project leaders/managers, IT professionals and cyber security leads can adopt a security-minded approach to the sharing of data without undermining the principles of open data or reducing the benefits of data sharing.


GDPR Security Outcomes

Owner: National Cyber Security Centre

About this guidance: This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR.


Guide to the UK General Data Protection Regulation (UK GDPR) (Security)

Owner: Information Commissioner's Office

About this guidance: This guidance will provide connected places project leaders/managers, IT professionals and cyber security leads with an understanding of the 'security principle' of the UK GDPR policy.


Secure Communications Principles

Owner: National Cyber Security Centre

About this guidance: This guidance aims to help connected places project leaders/managers, IT professionals and cyber security leads assess the security of voice, video and messaging communication services.


Security-Minded Approach to Digital Engineering

Owner: Centre for the Protection of National Infrastructure

About this guidance: This guidance outlines how all those involved in the design, procurement, implementation and management of connected places can apply a security-minded approach to digital engineering, for instance using information generated by sensors and contained within digital models.


Pattern: Safely Importing Data

Owner: National Cyber Security Centre

About this guidance: This guidance identifies a set of technical controls which can be used to manage the risks associated with importing data over a network. It is particularly relevant for systems where integrity or confidentiality is paramount, such as those which handle sensitive or personal data, classified information or valuable transactions, or those which operate industrial control systems.