How to Implement a Data Governance Strategy

by KirkpatrickPrice / August 30th, 2021

It’s almost a cliché to point out that data is an asset and should be managed accordingly. We all know data has value and that, when correctly leveraged, it helps businesses to optimize operations ranging from human resources to manufacturing to marketing. Recent advances in data science and machine learning have made data even more valuable. But the phrase “data is an asset” misses a vital detail. Data is an asset only if it’s accurate, securely stored in compliance with relevant regulations, and available to those who can use it. 

Data systems that fail to fulfill these criteria may be a potential asset, but at best, they are less valuable than they might be, and at worst, they are a liability. 

Data governance aims to put data on the same footing as other business assets, including financial assets. Any effective business creates, documents, and enforces policies and procedures for managing financial assets. Policies originate at the top of the organization, are implemented by managers and employees, and influence many business operations. 

Data governance follows a similar pattern, but here the goal is to ensure that data assets are managed in such a way as to support data-powered business capabilities while ensuring that it doesn’t become a technological or legal liability. 

This article explores data governance, its key components, and the relationship between data governance and compliance.  

What is Data Governance?

Data governance is the policies, practices, and procedures that allow a business to realize the full benefits of data. Data governance aims to formalize control of data assets. In doing so, it empowers organizations and their leadership to exercise authority and guide decisions about data and its collection, storage, and processing.

Businesses without a data governance strategy manage data to some degree, but usually in an ad-hoc, informal manner, with managers and departments responsible for the data that falls within their area of responsibility. The organization as a whole has little insight into or formal control over its data assets.

Fundamentally, data governance is about empowering businesses to make the most of their data. In more concrete terms, the benefits of implementing a data governance strategy include:

• The ability to meet regulatory requirements around data security and privacy.
• The ability to leverage data to increase revenue and profits. 
• Comprehensive, coherent, and standardized data collection, processing, and access workflows.
•  A cross-organizational framework that limits rework, eliminates siloes, and ensures data can be leveraged across the business. 
• Employees and managers who are empowered to use data in the service of business objectives. 
• Data management systems with accountability and transparency. 

Data Management vs. Data Governance

Data management and data governance are closely related, but they are not identical. Data management focuses on logistics, whereas data governance focuses on policy and strategy. 

Data management is primarily concerned with the logistics of implementing procedures and technologies that allow an organization to use data effectively: how data is stored, how it’s prepared for use, how it’s accessed, how it’s secured, and how the flow of data through an organization is managed.  

In contrast, data governance focuses on the strategic level. It aims to create a documented formal structure. Data governance addresses issues related to data quality, the rules governing data collection and use, compliance with relevant regulations, and accountability.  You can think of data governance as one component of data management, just as financial governance is one component of an enterprise financial management system.

What Are the Key Components of Data Governance?

Data governance is a cross-organizational effort that may involve employees at all levels.  However, a data governance strategy is usually framed by executives with guidance from subject matter experts and stakeholders from within the company. There are many approaches to designing a data governance strategy, but most include the following components. 

• The data governance leadership—often a committee—are responsible for devising data governance policies that align with the business’s objectives. Larger companies may also have a separate team to measure and verify the effectiveness of data governance policies.

• Policies outline the purpose, scope, rules, and responsibilities related to a specific data governance concern. Policies should be guided by both the needs of the business and relevant regulatory standards around accuracy, access, privacy, and information security.

• Data owners or stewards are the individuals within an organization responsible for overseeing the implementation of policies. They are accountable for ensuring that data governance policies are implemented and maintaining the quality of data assets. Ownership may start at the top with a Chief Data Officer and move down through the organization into individual teams and departments. 

• Documented processes describe specific implementations of policies. Policies rarely mandate the tooling and day-to-day operations involved in achieving a data governance objective. Instead, stakeholders with relevant expertise create, implement, and document processes and procedures which support those policies. 

• Tooling is the equipment and software that supports data governance processes. 

• Internal and external audits enable an organization to verify how effective its data governance strategy is. 

It’s essential to recognize that data governance strategies impact regulatory compliance in several ways. Data governance policies affect operations relevant to SOC 2, HIPAA, PCI DSS, and other regulatory standards and legal obligations. When shaping a data governance policy, businesses should take their regulatory environment into account. 

A Data Governance Framework for Building Your Strategy

An organizations’ particular requirements shape its data governance strategy, and there is no one-size-fits-all solution. Business leaders should recognize the challenge of implementing data governance best practices throughout their organization. That’s why change management is a key aspect of data governance implementation. Data governance often leads to changes in job roles, creates new roles, changes employee responsibilities and accountability, introduces new tools and software, and more.

Nevertheless, it is possible to outline a general framework to guide your data governance strategy. At a high level, implementing data governance is a four-step process.

1. Survey your data. Before developing policies to oversee data systems, it’s helpful to understand how well they align with business objectives for quality, security, privacy, and availability. Data classification can also help reduce data risk; many frameworks and legal regulations have specific requirements for data classification, including SOC 2, HIPAA, GDPR, and PCI DSS. 
2. Create a granular set of policies that take into account business objectives, regulatory compliance needs, and data governance best practices. 
3. Enforce data governance policies and create data accountability through the implementation of relevant procedures and processes.
4. Create and measure key metrics to track the success of data governance efforts. Be prepared to modify policies and their implementations to improve data governance outcomes. 

As a business works to implement data governance, it’s often useful to track progress with a framework. One commonly used data framework was developed by John Ladley, author of Data Governance: How to Design, Deploy, and Sustain an Effective Data Governance Policy. Ladley proposes a 5-stage framework:

• Engagement — establish a clear vision of why data governance matters to your organization, ensuring that key stakeholders support and are engaged with data governance efforts. 
• Strategy — deliver a plan and a set of requirements that supports the organization’s data governance objectives.  
• Architecture and design — design organizational capabilities and operational frameworks that support data governance initiatives. 
• Implementation — roll out data governance processes and capabilities throughout the organization, including monitoring systems to track the implementation effectiveness. 
• Operate and sustain — continue to enforce data governance policies, extend capabilities, and monitor effectiveness as the business and data landscape evolves. 

Regulatory compliance and auditing are part of an effective data governance strategy. For innovative data security guidance and a comprehensive range of information security auditing services, contact KirkpatrickPrice today.  To learn more about AWS data governance and security, visit our AWS Cybersecurity Services to access our extensive resource library and AWS Scanner.