V 0_1 This is a new service, help us improve and give your feedback by email.

Making data work fit your city's vision

🎯 Theme: From side project to strategic priority

This page outlines how cities can align their data strategies with existing municipal and national policies while navigating regulatory requirements to ensure legal compliance, build executive support, and create sustainable data governance practices

Every city or municipality already has several policies and strategies around different aspects to guide its implementation. In many municipalities, there’s a strategic plan that defines the city’s vision in the medium- and long-term about solving key issues in their geographic space. Similarly, national governments have policies that relate to broad frameworks on how to solve key challenges. Some of these policies speak to the approach used to make the country digitally advanced.

A data strategy must align with broader municipal and national policies to gain necessary support. For instance, if a city’s strategic plan aims to improve resident services within 5 years, the data strategy should clearly demonstrate how it will help achieve this goal. This alignment is essential because executive managers and political leaders use these policies to implement the priorities that citizens voted for. If the data strategy is prioritised at that executive level, it is more likely to have a broader impact across the city/municipal system.

It is also critical that there is a strong understanding of the regulatory environment in which the data strategy will be developed and executed is essential to ensuring that data practices are legally compliant, ethically sound, and aligned with public expectations around privacy, transparency, and accountability.

Managing privacy and data governance challenges should be approached by understanding existing regulations and principles for data sovereignty. Data regulations—like POPIA in South Africa, GDPR in Europe, and Brazil’s General Personal Data Protection Law—exist to protect personal information from inappropriate uses and to advise governments on how to establish data governance practices that protect the right information while also allowing them to publish public information for public benefit.

As such, regulations often provide classifications or distinctions between data that should remain private (for example, personally identifying information like name, address, or health status) and data that can be considered public domain to allow for free flow of information and freedom of expression.

Cities developing a data strategy should take the following actions to ensure they align with and adhere to different national and regional priorities and regulatory requirements.

Identify Strategic Priorities at Each Level of Government

One of the most effective ways to ensure a government organisation commits adequate time, resources, and attention to implementing their data strategy is to align it with existing priorities at various levels of government which are planned or in-motion.

Steps to conduct this exercise can be as follows:

image.png

When conducting research for a state or province, you should identify national-, municipal/county-, and city-level strategies, performance frameworks, and budgets, then scan them for key words like “data”, “ICT”, and “digital” to see where relevant efforts may be taking place. Counting the number of references to these keywords can be a signal for their importance within different organisations as well.

Also look for non-digital-related priorities like improving service delivery, advancing economic development and job creation, or investing in education and health. These themes demonstrate the interests of a particular population and where they’d be willing to run digital or data pilots or invest further resources to scale solutions which support their goals. Documents should be reviewed to determine municipal priorities and whether data and/or digital means are being leveraged in the plans’ implementations.

When current-year documents cannot be located, the next earliest year of publication is referenced. In some cases, documents are not public or included on the official websites, but can be accessed either by reaching out to city employees directly. Alternatively, further research to identify lesser-known initiatives may be warranted so the entity in question’s digital or data efforts aren’t overlooked. A lack of public information is an area of opportunity to improve transparency as part of future strategies in and of itself.

Finally, summarise the findings with any key insights about which entities are more advanced with regard to digital and data work, how they map to the leading organisation’s existing strategies, and any notable areas of opportunity they can build upon.

Understanding the Regulatory Landscape

  • Map existing local, national, and international data regulations relevant to your operations.
  • Identify key legal obligations for data collection, storage, use, sharing, and deletion.
  • Monitor evolving regulatory trends, such as AI governance, cross-border data flows, and open data policies.

Data Classification and Handling Requirements

  • Distinguish between categories of data: personal, sensitive, confidential, and public.
  • Implement procedures for handling each data type according to regulatory requirements.
  • Align data retention and destruction policies with legal standards and best practices.

Privacy and Sovereignty Considerations

  • Respect principles of data minimization, purpose limitation, and consent.
  • Acknowledge jurisdictional rules around data sovereignty, especially for cloud storage and international data transfers.
  • Incorporate privacy-by-design and security-by-design principles into new systems and processes.

By proactively navigating the regulatory environment, organizations can build more resilient data practices that protect individual rights, foster public trust, and unlock greater value from data use.