Who has ultimate responsibility for all data within their business domain?

Data governance is a cross-functional framework that governs the process of data creation, maintenance and the purging of data. Many people incorrectly believe that no extra effort is needed to put governance in place if they already have rules for data maintenance in place. However, just having a rule set for data maintenance is not sufficient. In order to have an effective data governance framework you need:

• Procedures and tools for master data maintenance
• Documented processes, including work flows and approval processes
• A documented rule set for master data creation for various scenarios and exceptions
• Ownership of data to a field or field group level
• Security to ensure that the right person is doing the job
• Processes to ensure the completeness of data
• Processes to ensure consistency in the creation of data
• In complex, multi-system landscapes, establish the master system that owns creation
• Continuous improvement of processes
• Periodic audits to ensure adherence to the rule set and to also look for opportunities for improvement

Data Governance Challenges

Legacy Data Systems

Many organizations have old data systems, which are inflexible and difficult to manage, and hinder the free flow of data throughout the enterprise. This makes it difficult to share, organize, and update information.

Data that is isolated in separate silos, stale, or poorly organized, can make it difficult to establish data governance activities such as tracking data records, categorizing data, and applying detailed security models.

Related content: read our guide to data migration strategy 

Data Visibility

Data governance requires businesses to achieve data transparency. It must be clear which types of data exist in the organization, where it is stored, who can access it, and how it is used. However, legacy systems often obscure the answers to these questions. Data management processes must be implemented to establish strategies and methods for accessing, consolidating, storing, transmitting and preparing data for analysis.

Unsecure Data

As the quantity and variety of internal and external data sources grows, so does the likelihood of data breaches. Like data management, data security depends on traceability. IT teams need to be able to track the source, location and users of the data, how it is used, when it is no longer useful and processes used to delete it.

Data governance establishes rules and procedures to prevent potential leakage of sensitive business and customer data, and prevent data abuse. However, traditional data platforms create isolated information silos that are difficult to visualize and trace. Without an integrated data store, invisible, untraceable data results in security risks.

Lack of Control Over Data

Many businesses are required to comply with regulations such as GDPR (General Data Protection Regulation), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), and industry standards like PCI DSS.

All these regulations require organizations to have a data governance structure that describes data traceability from source to retirement, provide logs recording data access and how, where and when the data is used. Governance enables businesses to control their data and prevent misuse of sensitive information. It does this in a way that can be audited and demonstrated to an external compliance body.

Data Governance Goals

• Make consistent, confident business decisions based on trustworthy data aligned with all the various purposes for the use of the data assets within the enterprise
• Meet regulatory requirements and avoid fines by documenting the lineage of the data assets and the access controls related to the data
• Improve data security by establishing data ownership and related responsibilities
• Define and verify data distribution policies including the roles and accountabilities of involved internal and external entities
• Use data to increase profits (everybody likes this one). Data monetization starts with having data that is stored, maintained, classified and made accessible in an optimal way.
• Assign data quality responsibilities in order to measure and follow up on data quality KPIs related to the general performance KPIs within the enterprise
• Plan better by not having to cleanse and structure data for each planning purpose
• Eliminate re-work by having data assets that is trusted, standardized and capable of serving multiple purposes
• Optimize staff effectiveness by providing data assets that meet the desired data quality thresholds
• Evaluate and improve by rising the data governance maturity level phase by phase
• Acknowledge gains and build on forward momentum in order to secure stakeholder continuous commitment and a broad organizational support

Data Governance Strategy

A data governance strategy informs the content of an organization’s data governance framework. It requires you to define, for each set of organizational data:

• Where: Where it is physically stored
• Who: Who has or should have access to it
• What: Definition of important entities such as “customer”, “vendor”, “transaction”
• How: What the current structure of the data is
• Quality: Current and desired quality of the source data and consumable data sets
• Goals: What we want to do with this data
• Requirements: What needs to happen for the data to meet the goals

Data Governance Framework

• Data architecture: The overall structure of data and data-related resources as an integral part of the enterprise architecture
• Data modeling and design: Analysis, design, building, testing, and maintenance
• Data storage and operations: Structured physical data assets storage deployment and management
• Data security: Ensuring privacy, confidentiality, and appropriate access
• Data integration and interoperability: Acquisition, extraction, transformation, movement, delivery, replication, federation, virtualization, and operational support
• Documents and content: Storing, protecting, indexing, and enabling access to data found in unstructured sources and making this data available for integration and interoperability with structured data
• Reference and master data: Managing shared data to reduce redundancy and ensure better data quality through standardized definition and use of data values
• Data warehousing and business intelligence (BI): Managing analytical data processing and enabling access to decision support data for reporting and analysis
• Metadata: Collecting, categorizing, maintaining, integrating, controlling, managing, and delivering metadata
• Data quality: Defining, monitoring, maintaining data integrity, and improving data quality

Data Governance Organizational Model

There is no right or wrong model, it is more into what size is you organization, what is the current structure etc...

Decentralized Model

Business units control and manage their data independently to best serve their individual department purpose

Pros:

• Business units operate with complete autonomy allowing for flexibility to run the business
• Speed of decision making exists at the business unit level

Cons:

• Lack of coordination among business units, thus poor quality of enterprise data
• Lack of common governance roles and responsibilities across the enterprise as the business units or functional area have the flexibility to create their own governance structures

Federated Model

Single point of control at the enterprise level while business units are in charge for local decisions

Pros:

• Data ownership is distributed throughout an organization in a way that provides centralized direction while maintaining some level of local autonomy at the business unit level
• Allows definitions and standards to be set centrally and executed at the local business unit level

Cons:

• Slower decision making as data ownership is distributed throughout the business, thus increasing the number of decision makers
• Potential independent analytics efforts by business units if central unit cannot meet demand

Centralized Model

Single point of control and decision making with business units having little or no responsibility

Pros:

• Ownership and enforcement is centralized resulting in complete oversight of data governance within the organization
• Speed of decision making as there is a single point of control and accountability

Cons:

• Risk of poor decision making by lack of business representation
• Higher number of fully dedicated resources
• Risk of bottleneck since ownership and responsibility is centralized in one unit

What is a Data Governance Policy and Why is it Important?

Data governance policies are guidelines that you can use to ensure your data and assets are used properly and managed consistently. These guidelines typically include policies related to privacy, security, access, and quality. Guidelines also cover the roles and responsibilities of those implementing policies and compliance measures.

The purpose of these policies are to ensure that organizations are able to maintain and secure high-quality data. Governance policies form the base of your larger governance strategy and enable you to clearly define how governance is carried out.

Below are non-exhaustive policy list to be considered:

• Data Lifecycle Management
• Data Architecture Modelling
• Data Technology Management
• Document and Content Management
• Data Warehousing and Analytics Policy
• Data Retention Management Policy
• Source Management Policy
• Data Governance Management Policy
• Data access Policy
• Data Privacy and Protection Policy
• Data Quality Policy
• Data Usage Policy
• Master Data Policy
• Metadata Management Policy

Data Governance Roles

Data governance operations are performed by a range of organizational members, including IT staff, data management professionals, business executives, and end users. There is no strict standard for who should fill data governance roles but there are standard roles that organizations implement.

Chief Data Officer

Chief data officers are typically senior executives that oversee your governance program. This role is responsible for acting as a program advocate, working to secure staffing, funding, and approval for the project, and monitoring program progress.

Data Governance Council 

The data governance committee is an oversight committee that approves and directs the actions of the governance team and manager. This committee is typically composed of data owners and business executives.

They take the recommendations of the data governance professionals and ensure that processes and strategies align with business goals. This committee is also responsible for resolving disputes between business units related to data or governance.

Data Owners

Has single point of accountability for their respective data domain. They are accountable to ensure that their data domain is properly defined, used, and monitored thin semi-monthly roughout organization across the data lifecycle. They play a leadership role in championing data management efforts within their business areas.

Data Stewards

Serve as an oversight role within their respective domains. They are the main point of contact for business data owners to resolve issues and execute on data management initiatives. They are subject matter experts of their business domain.

Data Custodians

Serves as a subject matter expert in information management, specializing in a specific data system / application assigned to them. They are responsible for executing data related initiatives and decisions associated to data domains from a technical aspect.

4-Step Data Governance Model

Managing data governance principles effectively requires creating a business function, similar to human resources or research and development. This function needs to be well defined and should include the following process steps:

1. Discovery—processes dedicated to determining the current state of data, which processes are dependent on data, what technical and organizational capabilities support data, and the flow of the data lifecycle. These processes derive insights about data and data use for use in definition processes. Discovery processes run simultaneously with and are used iteratively with definition processes. 
2. Definition—processes dedicated to the documentation of data definitions, relationships, and taxonomies. In these processes, insights from discovery processes are used to define standards, measurements, policies, rules, and strategies to operationalize governance.
3. Application—processes dedicated to operationalizing and ensuring compliance with governance strategies and policies. These processes include the implementation of roles and responsibilities for governance.
4. Measurement—processes dedicated to monitoring and measuring the value and effectiveness of governance workflows. These processes provide visibility into governance practices and ensure auditability.

Data Governance Maturity Model

Evaluating the maturity of your governance strategies can help you identify areas of improvement. When evaluating your practices, consider the following levels.

Who has responsibility for all data within their business domain?

Who is responsible for data management in a company?

Who is responsible for data content and business rules within an organization?

Who owns the data in data governance?