Is Data Governance just a Compliance Matter?

For many businesses, the concept of ‘data governance’ first appears on their radar screens when they need to comply with some national or international regulation concerning the acquisition and use of customer data. Laws like GDPR in Europe and CCPA in California have obliged organizations to adopt standard policies for the treatment of data relating to individuals outside the organization.

And yet, properly understood, data governance has implications that go well beyond simple regulatory compliance. The extension of good data practices and standards to the entire universe of data assets within the organization has the potential to profoundly transform the business operation for the better.

What is data governance?

Let’s start at the beginning with some simple definitions. DAMA defines data governance as

“the exercise of authority and control (planning, monitoring and enforcement) over the management of data assets.”

But the majority of organizations do not yet have a satisfactory framework to achieve this, as Gartner noted in a recent survey: “Fifty-five percent of the organizations Gartner surveyed identified the lack of a standardized approach to governance as the biggest barrier to achieving data governance objectives.”

The two chaotic years of the pandemic have only exacerbated the situation. With many people working remotely using mobile applications and devices, most businesses have seen their ‘data perimeter’ expand, increasing both the volume of data to be managed and the number of locations where it is held and used.

A survey has shown that 76% of C-Suite IT execs are concerned about ‘content sprawl’. 51% identified the growth in remote working as a top driver of the sprawl phenomenon. The CIOs surveyed also said ”sprawl is creating inefficiencies, driving up costs and contributing to new and greater data security risks.”

So, bearing in mind that there is more at stake than mere regulatory compliance, we’ll explore how organizations should approach building an effective data governance framework — but first let’s look at the business benefits it can deliver.

The benefits of data governance

Data is key to measuring business performance, but it’s also key to the strategic planning that can enhance future performance. Increasingly, every business unit — from marketing to the C-suite — is making data-driven decisions to create value and manage risks.

Techtarget provides a simple example of how poor data governance can impact performance.

“Without effective data governance, data inconsistencies in different systems across an organization might not get resolved. For example, customer names may be listed differently in sales, logistics and customer service systems. That could complicate data integration efforts and create data integrity issues that affect the accuracy of business intelligence (BI), enterprise reporting and analytics applications.”

According to Irion, a data governance strategy can help businesses:

• Better control risks
• Increase data security
• Gain greater transparency and auditability
• Develop an enterprise-wide vision of data
• Monitor processes efficiently
• Optimize vendor management
• Facilitate the Data Quality reporting and issue resolution processes.
• Improve decision-making

In real world terms, having a data governance strategy in place makes life easier for everyone. Most companies — especially large enterprises — have data silos that prevent everyone in the organization from benefiting from all the data. Aligning data — from creation to classification to formatting — is integral to empowering all employees with the same knowledge. Equally important is ensuring everyone knows how they are allowed to use that data.

Data governance best practices

For companies just undertaking data governance for the first time, this task can be daunting. According to TechTarget, “A well-designed data governance program typically includes a governance team, a steering committee that acts as the governing body, and a group of data stewards. They work together to create the standards and policies for governing data, as well as implementation and enforcement procedures.”

Once you have your people in place, it is time to decide on the rules. Data governance rules set the foundation for your entire governance operation and define how data should be handled. This encompasses everything from who gets which access rights to who owns and manages the data. Now is also the time to spell out your handling practices, and put a crisis plan into place. Set your minimum data quality requirements to help you evaluate processes when the time comes.

Once you have your people, rules, and processes in place Tomas Montvilas, Forbes Councils Member, suggests a few tips to keep in mind to make a governance project successful:

• Start small. “Small changes are easy to measure, providing ample opportunity to find out what works and what doesn’t,” advises Montvilas. Adding more processes later is easier than eliminating existing ones, so do not get carried away too early, and make sure each process works before rolling it out to the larger organization.
• Focus on the operating model. The goal of good data governance is to become invisible — second nature to everyone involved. “Ensure that the implementation and engagement with data governance have no negative impact on the operating model,” writes Montvilas. “Too much data governance overhead can cause the organization to spend too much time and resources, causing a reduction in overall performance.”
• Build a business case. Anyone who has tried to implement organization-wide change knows that having buy-in from everyone in the company is imperative. “Creating a business case for the organization with measurable goals, concrete benefits and expected outcomes will ease the integration of data governance processes,” according to Montvilas. As with any project, be sure to include measurable KPIs in your business case to illustrate to stakeholders how you will track progress.
• Define control measurements. On a similar note, Montvilas says, you can “evaluate the completeness of the data set, availability of data and timeliness of delivery” to evaluate if “data governance is proceeding as intended” and that each of these should improve as the project advances
• Data governance is a continuous process. A data governor’s job is never done. Data governance is not an object that is at some point finished. “However, with proper cultural maintenance, good data governance principles can become tradition, necessitating little to no upkeep,” writes Montvilas.

Data governance - using the right tools

In some sectors, first-class data governance has always been essential to business operations – news media and financial publishing are two examples. Eidosmedia platforms have been in use for over two decades in these sectors and incorporate a number of highly evolved data-management features.

They include the functionalities of powerful DAM (Digital Asset Management) platforms together with advanced access controls that govern users’ data access and actions with rigorous but unobtrusive workflow controls. They also provide a detailed audit trail of all user operations.

Their ‘unified platform’ architecture is far easier to manage and secure than the collections of applications that make up the conventional enterprise IT environment. Data flows are secure even across the most geographically distributed, cloud-based operations using mobile devices.

Eidosmedia operations have recently received security certification to ISO 27001 and 27017 standards. They are also compliant with the Risk Management Framework for the NIPR and SIPR networks of the United States Department of Defense.

Find out more about the Eidosmedia approach to data security.

Platform security. Download the ebook,