Data governance refers to the policies and processes that define the appropriate use of data as it flows into and out of an organization. Data governance is not implemented through a single technology but rather is a wide-ranging discipline that comprises people, processes, strategies, guidelines and tools in order to achieve its goals.
Specifically, data governance and data governance initiatives are concerned with ensuring that organizations maintain high standards throughout the data life cycle — from creation to long-term storage, archiving and disposal — for the purposes of internal policies as well as external regulations. This is important because successful data governance leads to the right decision-making based on the right data; armed with accurate, consistent and up-to-date information about customers, markets and assets, an organization is able to act properly in response to new data-changing business conditions. Conversely, companies with poor data governance systems often find themselves floundering in fast-paced market conditions, paralyzed due to a lack of information or misled into making the wrong choices.
Data governance has become especially critical for global regulatory mandates such as the European Union’s General Data Protection Regulation (GDPR), which among other things, protects a consumer’s “right to be forgotten,” while imposing steep financial penalties of more than $20 million — or up to 4% of annual worldwide turnover — for violations.
Data stewardship requires a system of rules that are part of a data governance framework covering program objectives, approved methods for the creation, management and disposal of data, and metrics by which all of the above are managed.
In this article, we’ll investigate data governance in more detail, discuss the benefits of data governance and provide insight on how you can get started with a data governance program in your organization.
What is the value of data governance? Why are more companies turning to data governance?
What is data governance vs. data management?
What is a data governance framework?
What are data governance best practices?
What are evolving trends in data governance and risk management?
How does the cloud affect data governance?
How do you get started with data governance?
The Bottom Line: Strong data governance can be crucial for many businesses
Data governance is an essential tactic in the modern enterprise because of digital transformation and the increasingly critical value of resulting business data. If a business’s data is poor in quality, inconsistent, unavailable or compromised in some way, the business loses its ability to make accurate business decisions with confidence. Without insights generated from data analytics, the decisions that various business units make may in fact be severely misguided or completely detrimental to the organization, potentially resulting in negative business outcomes.
As an example — consider a business in the financial industry — in which data is the absolute lifeblood of the organization. As investments and money flow into and out of accounts, the business must track the resulting data with extreme precision and create a data catalog to know the location and value of its assets. If market conditions change and the company believes its investments are worth more or less than they actually are, it’s likely that management could make the wrong decision about whether to hold or sell those assets. Poor data governance could also cause a firm to issue inaccurate financial reports, make poor business decisions and even cause it to run afoul of government regulations.
The role of data governance is ultimately to make certain that data is consistent, accurate and up to date (e.g., that the price of a product is the same at Store #1 as it is at Store #2, that a customer’s address is the same in Database #1 and Database #2, etc.) and that this information is always current. As an enterprise grows (especially through acquisitions of other companies operating on different platforms), this endeavor becomes increasingly complex but also increasingly vital. In addition, emerging data privacy and regulatory compliance legislation, such as the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), is making effective data governance an essential business process, not only for workflows but also for compliance.
While data governance is built around policies and processes involving big data and metadata, data management and metadata management take those policies and processes and put them into effect. The two disciplines are naturally closely tied together, but while data governance is one of many inputs into data management, it’s not the only one.
More specifically, data management comprises a large number of processes and tools, including:
By contrast, data governance seeks to answer questions around the broader policies that define the rules by which data management should operate. Data governance also outlines the guidelines for data transfer to another server or a backup device, while data management enforces them.
A data governance framework is a set of specific policies and guidance by which your data governance strategy should operate. This framework ensures that policies are consistent and appropriate given your organization’s needs, and it allows the business to establish roles and responsibilities around how to treat data.
A data governance framework includes information about the policies and standards on the following issues:
The overarching goal of a data governance framework is to give an organization’s data stewards business intelligence and other tools to understand the value of its data and data assets while establishing the rules to manage that data. Adhering to this framework will help your organization improve the overall quality of its data and, over time, improve your business’s ability to make strategic decisions.
Every business has different needs and goals when it comes to data governance, but here are some of the most common guidelines for developing and establishing best practices.
The European Union’s General Data Protection Regulation (GDPR), created to control how businesses use customers' and employees’ personal data, became enforceable in 2018. It also continues to cause headaches for businesses working to maintain compliance.
GDPR holds businesses accountable for their data, especially if it’s compromised in data breaches, with extremely and rigorous guidelines. Thus, organizations that do any level of business with EU citizens need to be well versed in GDPR mandates — which include developing a strong data governance program to affirm compliance. As part of their data governance program, organizations will need to understand various types of information they collect about customers, including where they store that information, who the data owners are and appropriate levels of data access, how data is secured and what processes are in place to delete it when necessary.
The GDPR’s “right to be forgotten” rules also require an organization to delete any personal information about end users when they request it. Without a strong data governance program in place, complying with this type of legislation can be extremely challenging.
Recent events such as the COVID-19 pandemic and the passage of GDPR and other data privacy legislation have hastened the need for strong data governance. The following are some of the broader data governance trends that are emerging.
Cloud computing impacts data governance in much the same way that it impacts the entire IT environment. It also impacts data governance in the following ways:
Of course, it’s important to note that the cloud offers many benefits to enterprise data, including better data access, often much better performance and the ability to leverage cloud-based tools like RPA and AI services to process that data. Once an organization overcomes the challenges of migrating to a cloud environment, it can more easily realize these benefits.
When many organizations set out to create a data governance program, they’re surprised to find that they already have a semblance of one. If you have data policies about records retention, a mandate to encrypt customer data, or restrictions against keeping corporate information on home computers and mobile devices, you’re already on your way to building a data governance framework.
When you’re ready to launch a formal data governance program, the first step is to consider where your preliminary data governance policies have fallen short and to begin working to remedy them. Your data governance team should choose projects that have the highest value — a sensitive customer database that needs securing, for example — as well as ones can be completed fairly quickly. With a few small projects under your belt, you can move on to broader concerns in the organization.
Each data governance project, small or large, will need to be built around protecting the accuracy, integrity and security of the data. Consider the appropriate platforms for each data source and set rules around how to access them and why.
Each governance project will also need to account for the risk of data loss or breach, which often means inviting various stakeholders into the governance discussion. For example, IT should not be setting governance rules around a finance database without closely involving that department.
Finally, remember that data governance is not a one-and-done activity, and any data governance program will require long-term attention as it is tested and refined.
The risks of poor data governance are abundant, ranging from embarrassing missteps with customers to financial losses due to breaches to regulatory violations that carry legal penalties. Data governance may sound like a daunting topic, but it needn’t be. Even if you’re starting from scratch, following a few simple steps will make it relatively easy to put a framework in place that provides improved security, easier compliance and overall better quality of your data.
Your organization’s data is one of its most critical assets. Data governance is the key to giving your enterprise the tools it needs to treat it as such.