How I fell in love… with Data Governance (no, really)

Read this romantic story, learn how I fell in love with Data Governance and see why I never worried about compliance again.  


You need Data Governance more than it needs you

Reasons to be interested in Data Governance

If just hearing “Data Governance” fills you with dread, confusion or boredom — then you’re doing it wrong. It’s probably your business’ most undervalued area. And, with the right mindset (plus a read through our new eBook), a good data governance programme can transform your organisational approach to data and unlock its value. Stop looking at data governance as a compliance burden. Reimagine this obligation as a catalyst for change instead. Stop snoozing, start falling in love with data governance, and read on to find out about the latest in European compliance.

Data Governance has been on the shelf for a while

Why is now the time to look at Data Governance with fresh eyes

It’s never a bad time to change your attitude towards Data Governance, and today there are three common reasons to take a fresh look:

  1. An expanding data-management challenge creating highly complex environments.
  2. Getting left behind by competitors, who are already unlocking endless opportunities through harnessing the ever-growing value of using their data properly (like these folks).
  3. The introduction of new regional regulations, adding a compliance burden to the already unmanageable pile of requirements.

Regulation might be making data governance urgent now, but it's always been important. If you can make data governance a “want to” rather than a “have to” – also a good principle for dating, in fact – your programme will be built on strong foundations that ultimately lead to competitive advantage.

The dating profile for Data Governance needs work

What Data Governance really means

Data Governance is often perceived as dull. Shocking, right? But take a look at the hobbies of Data Governance instead, and you’ll see it has a lot to offer: 

  • Ensuring data quality 
  • Optimising the location and geography of data
  • Managing data effectively as an asset
  • Eliminating data complexity and silos
  • Inspiring reuse and sharing of data
  • Improving staff understanding of, and confidence with, data
  • Growing an organisational culture where data is important
  • And so much more - check out the full list here.

See? Data Governance has way more to offer than only data security, privacy, legal obligations and compliance frameworks. Data Governance is not a time-sucking tick-box compliance exercise; in fact, compliance is a business enabler. Because of compliance obligations, organisations provision resources, people and time, while fines from regulators provide quantifiable cost of a lacking approach. 

Our motto: if regulation gives you a springboard to improve your Data Governance, use it. 

To the regulation… and beyond!*

At Splunk, we often say that security is a data problem. So let’s take a look at legislation in both security and data, from the EU and the UK, to understand what’s coming next in the exciting, wild world of compliance. And if you just can’t get enough, check out our summaries of France 🇫🇷 and Germany-specific 🇩🇪 regulations in these respective local language blogs. 

European Union 🇪🇺

NIS2, EU Data Governance Act & the new EU Data Act

In 2023, technical legislators and compliance folks have a lot to think about! As well as maintaining compliance with existing legislation like GDPR, there are new obligations to focus on: the NIS2 Directive (see our blog) and the EU Data Governance Act (DGA)

As the main piece of EU legislation on cyber security, the NIS2 Directive has gained a lot of attention since it was formally adopted last year. Obligations listed in NIS2 on reporting and risk management measures aim to give a higher level of protection and resilience in critical sectors - and broadening which entities and sectors are in scope. You can read more about NIS2, and Splunk’s take on it, in our recent blog.

Data sharing is becoming increasingly critical to many sectors, especially for cyber security. The EU Data Governance Act (DGA), applicable from September 2023, aims to facilitate data sharing across sectors and EU countries, so that data can be leveraged for the benefit of European citizens and businesses. Part of the European Data Strategy, the EU DGA promotes exchange of B2B data and the concept of ‘data altruism’: to make data available for the common good. 

Data Act

But that’s not all! The EU is likely to finalise negotiations for a  new Data Act in 2023, to clarify who can create value from data shared under the EU DGA and under which conditions. Amongst possible measures, companies will likely be obliged to share certain data sets with other companies, as well as with public authorities, in response to an ‘exceptional need’. It’s predicted that the data holder will be compensated for making the data available. A key component of the Act is that in future, changing data processing (cloud) services should be easier, due to increasing interoperability and abolition of switching fees. 

Data and security is top of mind for EU legislators, but it doesn’t stop there. Let’s take a country-specific look…

UK 🇬🇧

The legislation that just won’t quit: NIS Directive

Following a consultation in 2022, the UK government announced its intention to update its NIS regulations to improve the UK’s cyber resilience. The decision to revisit the UK’s implementation of the Network & Information Systems (NIS) Directive has allowed important new changes, such as bringing managed service providers into scope of regulation, and improving incident reporting. 

Top tip: leverage the Cyber Assessment Framework (CAF), which is a really helpful guide for organisations to identify shortcomings in their resilience and to help to meet the current NIS Regulation, - made by the NCSC (the UK’s technical authority on cyber security). The CAF has a range of helpful guidance to measure and improve an organisation’s security. The CAF will be used to benchmark central government departments too, as part of the 2022 UK National Cyber Security Strategy; the CAF underpins Pillar 1 of the strategy to “build organisational cyber resilience”.

Elsewhere, the UK is taking more of a sector-by-sector approach to security regulation. Most recently, requirements for the telecoms sector were released in the Telecommunications Security Act (2022) to prevent attacks on their infrastructure. The recommended good security practice isn’t new, and the threat isn’t new either (with attacks publicly announced back in 2018) - but the regulation is! So remember that motto: if regulation gives you a springboard to improve your Data Governance, use it. 

With all these new and existing regulations, there’s never been a better time to revisit your approach to compliance and data governance. 

“It’s not you, Data Governance - it’s me”

Read our eBook on Data Governance to find out if it really is you… or your Data Governance that’s lacking.

We cover:

  • Reasons to be interested in Data Governance (and stop yawning)
  • Why you need Data Governance more than it needs you 
  • Data Governance’s makeover and fresh new look
  • Some considerations for data sovereignty
  • Common obstacles to good Data Governance
  • Immediate questions to ask, to assess your maturity and where to improve
  • Why Splunk & Data Governance are made for each other

Don’t delay, download the eBook here and put yourself out there with Data Governance ❤️.

*The above lists are not complete and regulations are subject to change. Please regularly check for updates on official government websites and seek legal advice if necessary.

Kirsty Paine
Posted by

Kirsty Paine

Kirsty Paine (she/her) is a Strategic Advisor in Technology and Innovation for Splunk’s EMEA region, where she provides technical thought leadership for strategic accounts. As an experienced technologist, strategist and security specialist, she thrives on understanding difficult problems and finding creative solutions. Her long-standing mantra, after nearly a decade working in cyber security, is simple and straightforward: "Make Good Choices".

Kirsty's background in cyber security stems from her mathematical roots, built on by her time working for the UK National Cyber Security Centre, where she spent years specialising in security, privacy and internet technologies. There, she often joked that her job was to look after two simple things: the security of 1) the internet and 2) all of its things. This role required a lot of technical strategy, coupled with international engagement across industry, and quite a lot of patience.

When not finding or fixing problems, Kirsty can usually be found in the gym or surrounded by sushi (making it, eating it, or both).


Show All Tags
Show Less Tags