By now, we have all heard the phrase ‘data is the new currency’. And while that may be true to a certain extent, unlike currency, in the case of data, more doesn’t always mean better. In 2020, approximately 1.7 MB of data came into existence every second for each person worldwide. These rates will continue to grow year after year.
The exponential growth in the amount of data collected and stored by businesses is driving the need for robust data governance programs across organisations. Setting up a data governance program for your organisation can understandably seem like a daunting task.
Let’s start with the basics. According to the Data Governance Institute, “Data Governance is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.”
In essence, data governance protects the privacy, security, and integrity of data, while adding value to your business. Afterall, if you don’t know what data you hold, you can’t use it to drive business innovation and revenue.
Let’s explore a few key principles which lay the foundations for an effective data governance program:
Processes should be clear and transparent to both participants and auditors in how practices and controls will be introduced and implemented. This transparency will protect your organisation in the event of a data breach and will also allow you to continually learn from the way data is used throughout your business.
Accountability is the single most important principle not only in Data Governance but right across the trust office. It’s even included in the seven key principles of privacy, as set out in the GDPR. If no one takes ownership of your organisation’s data governance, it will be directionless and ineffective. However, accountability should not be left to just one department.
Data Governance is a team sport. Involving stakeholders from all departments, including leading executives, provides the best opportunity to establish meaningful data governance strategies that really work. The newly established data governance council will define data procedures and policies to be implemented across the organisation and will have the authority to ensure they are observed faithfully. They will also be able to represent the goals of each department – more on this later.
All actors within the data governance program should act honestly and be forthcoming about constraints, challenges, and other impacts of data governance decisions.
Good data governance enables organisations to make key decisions about managing date, realise value from it, minimise cost and complexity, and ensure compliance with ever-changing regulatory requirements. Reaching a consensus on “how to decide how to decide” can be a real challenge, particularly in larger organisations.
Different departments have very different goals and needs. Some may be concerned about analysis, reporting and decision-making. Some data shareholders want to limit access to certain information, while others want to increase this access.
A data governance framework collects rules, processes, and role delegations that ensure privacy and compliance in an organisation’s enterprise data management.
A well-planned data governance framework covers strategic, tactical, and operational roles and responsibilities. It enforces the democratisation of data; ensuring data is trusted, well-documented, and easy to find within your organisation, and that it’s also kept secure, compliant, and confidential.
The following data governance framework encourages you to ask:
• WHY your specific program should exist
• WHAT it will be accomplishing
• WHO will be involved in your efforts, along with their specific accountabilities
• HOW they will be working together to provide value to your organisation
• WHEN they will performing specific processes.
As with all areas of business, don’t try to boil the ocean. If starting from scratch, strive for quick wins and build up ambitions over time. Remember that Data Governance is a practice, not a project.
Organisational leaders rarely support the move to formal Data Governance “just because” it’s a good idea. Rather, these programs receive support because they can help address specific organisational goals. Just like any other effort that requires time, resources, and attention, Data Governance efforts should ultimately help the organisation:
• Make money, meet its mission, and/or increase the value of assets
• Manage costs and/or complexity
• Support other necessary efforts, such as Security, Compliance, or Privacy
As you consider your program, be sure that you’re clear about which of these concerns you’re addressing. It is important to track each of your program’s specific efforts to at least one of these categories.
Setting milestones and goals along the way is the best way to keep your team motivated while having benchmarks to ensure your program is headed in the right direction. Typical universal goals for a data governance program may include:
• Enable better decision-making
• Reduce operational friction
• Protect the needs of data stakeholders
• Train management and staff to adopt common approaches to data issues
• Build standard, repeatable processes
• Reduce costs and increase effectiveness through coordination of efforts
• Ensure transparency of processes
It is, however, also important to supplement these gals with more specific, actionable statements.
Data does not govern itself. Formal data governance requires that we focus of getting people across the organisation to take the “right” actions at the “right” time with the “right” data to get the “right” value out of the data as often as possible.
A people-first approach to data governance requires connecting policies to meaningful actions in their day-to-day responsibility like data consumption and analysis in contrast to disconnected governing policies and processes.
Consistent and effective communication helps show the impact of the strategy—from highlighting successes to reorganising after a setback.
However, discussions around regulations and frameworks can quickly become alienating, feeding into the false narrative that data governance obligations are obstructive to department goals. You want to inspire stakeholders to seek action. Wherever possible, use business terms and translate the academic parts of the data governance discipline into meaningful content in the business context, paying particular attention to how data governance helps them to achieve their strategic goals.
Defining control measures is critical to the success of data governance, as it helps ensure that activities are aligned with objectives, risks are managed appropriately, and issues are identified and addressed in a timely manner.
There are generally three types of controls that can be put into place:
Preventative controls: These seek to stop an issue from occurring in the first place and are typically implemented through policies, procedures, or training.
Detective controls: These detect issues after they have occurred and help identify root causes so that preventative controls can be put in place to stop them from happening again. Detective controls typically take the form of monitoring or auditing activities.
Corrective controls: These address issues that have already occurred and seek to mitigate the impacts. Corrective controls typically involve corrective actions or remediation plans.
The operating model is the key to success for data governance, outlining how the organisation will manage data and ensuring that everyone understands their roles and responsibilities. The operating model should be designed to meet the specific needs of the organisation and should be reviewed and updated on a regular basis.
Data governance is not something that can be done in isolation. It requires buy-in from all levels of the organisation, from the leadership team to front-line employees. Effective communication is essential to ensure that everyone understands the importance of data governance and knows what their role is in making it successful.
Critical Data Elements (CDEs) are the data points critical to an organisation’s success in a specific business area. It’s essential to identify CDEs to prioritise tasks and goals more accurately and ensure that everyone in the organisation understands which data is most important. For example, critical in one business area may not be critical in another. CDEs can be identified through a number of methods, including:
• Reviewing business process documentation to identify which data is critical to the success of each process
• Conducting interviews with key stakeholders to understand their data needs
• Analysing existing data to identify patterns and trends
Data governance is not a one-time event. It’s an ongoing process that should be continuously reviewed and updated to ensure it remains fit for purpose. As the needs of the organisation change, so too should the data governance framework. Regular reviews will help identify areas for improvement and ensure that the framework evolves to meet the changing needs of the business.
The best way to take control of your data governance program is to utilise the benefits of a data governance tool or software. This will help you to gain visibility into your data through automated discovery, classification, and cataloguing, and define and enforce data policies across your businesses’ data lifecycle and ecosystem to give the right people the right data, at the right time, for the right purpose.
Compleye’s Data Governance solution, layered on top of the OneTrust platform and configured by our OneTrust heroes, can help you realise the benefits below:
With an intuitive data catalogue across your organisation, anyone in your business can quickly find what they’re looking for. Policies can also be monitored, enforced, and improved more effectively.
Your data quality with automated discovery and classification will improve with greater accuracy, less manual work, and human error.
Avoid duplicating efforts and enable your business to work together within a single platform, with OneTrust’s broad range of enterprise privacy, security and data governance capabilities.
With the help of a data governance tool, you can successfully implement a program that will improve your business access to data, data quality and unify your privacy, security, and data governance initiatives.
Make sure your data is compliant, with automated scripts with defined rules congruent with the latest privacy laws for your region.
Even after knowing the right principles, frameworks, and best practices and having the right tools, data governance is not a quick fix for any organisation.
Setting milestones and goals along the way is the best way to keep your team motivated while having benchmarks to ensure your program is headed in the right direction. If you’d like to learn more about data governance or wish to speak to our experts, please request your consultation here.