How to Implement Sound Data Governance
What is data governance?
Implementing data governance means defining a set of strategies and procedures that you’ll follow in order to govern and manage data in your organization. It encompasses several core concepts, including ethics, security, privacy and your company’s image. Taking on this challenge is no small task!
The biggest risk is not to structure your thinking. You can prevent this by focusing on the pillars of data governance, which are:
- Strategy: What are the objectives of our data policy?
- Processes: How does data move around? What are the rules?
- People: Who has access to the data? Who is responsible for it?
- Technology: What tools do we use? What IT architecture do we have?
As we explained in our article on data management, engaging in strategic thinking about your data is essential.
- Why do we want to use our data?
- What type of data (really) helps us to make decisions?
- How can data governance help us achieve our objectives?
Answering these key questions will help you to reflect on the other pillars more clearly.
When establishing processes, it’s important to remember that your entire company should be involved in creating your data governance policy. All of your employees require information to succeed at their daily tasks. That means you should include them in your decisions so that everything is well-coordinated. Reflecting on processes also means thinking about the life cycle of your company’s data, which we covered in a previous article. In particular, you need to determine how your data is created, analyzed, shared and stored.
People also play a critical role. Outlining expectations, responsibilities and permissions for each role is important when developing a data governance policy. Several key roles will need to be defined. Later in this article, we’ll give you a bunch of tips on how to go about this the right way.
Also, don’t forget that everything depends on technology. Without it, you can’t do much in terms of data management. We’ve created a list of the many tools that you can use to optimize data management in your company. Selecting the right tool is a strategic choice, as it will support your processes, employees and strategies.
You may feel like this mission will never end. And you might be right! However, there are some ways of working that can help you move faster, including Design Thinking and Design Sprint. These methods help you develop your data governance policy through holding workshops with your teams.
To avoid wasting time, you should also be aware of potential pitfalls so you can prepare for them. Here are a few:
- The policy is a jumbled mess because too many people were involved in the process
- Low engagement from employees who see no need for data governance
- The difficulty of creating a data governance hierarchy
- Lack of a data culture within teams
- The difficulty of getting employees out of the habit of working in silos
- Poorly structured discussions about ethics and values
- The tendency of some teams to leave everything up to IT teams
- Change management in relation to changing tools and processes
- The difficulty of aligning all employees toward a common objective
There are many other challenges that may arise depending on your organization. If you already feel like giving up, remember that without data governance you won’t be able to enjoy all the benefits of data management (productivity, efficiency, responsiveness, creativity, etc.) or deal with the legal aspects of data that are applicable to all companies, regardless of their size.
Why do I keep hearing about data governance?
Have you heard of Cambridge Analytica? We bet you have. This company caused a major scandal by stealing data from thousands of Facebook users unbeknownst to the social network. However, it’s not the only company to have crossed the line in recent years. Uber, Desjardins, Equifax and Ashley Madison are a few of the numerous companies that have had their data hacked. It’s now of the utmost importance to make sure that the way your company manages data is secure and ethical. Even if your company is small, it could still fall prey to phishing or information theft.
In addition, data governance is essential to making sure that you comply with laws on privacy and personally identifiable information (PII). In Europe, the General Data Protection Regulation (GDPR) is in force and is on its way to becoming the global standard. To be in compliance with these regulations, you must be able to demonstrate that you have knowledge of all the data flowing through your company, that you are fully transparent about collecting it from your users and that you are able to delete all data related to an individual immediately. There’s no avoiding it—data governance is important!
A few useful tips
Now that we’ve emphasized the importance of implementing sound data governance, it’s high time that we give you some tips on how to go about it!
Assign key roles within your company
As the importance of data governance increases, companies are introducing new key roles:
- Data owners
- Data custodians
- Data stewards
Data owners are responsible for storing and protecting the data they have collected. In short, anyone who collects data in a company is a potential data owner. To make sure that this function is well-managed, the role is often assigned to the division manager. For example, the director of finance may become the owner of the company’s accounting and financial data. This individual would then be responsible for the flow of the said data, as well as its use.
Data custodians are responsible for monitoring data in order to protect it. They are in charge of controlling, safekeeping, transporting and storing data. They also make sure that governance rules are well-implemented in information systems. In other words, they protect your data and make sure it doesn’t get lost. In a small company, one person can take on this role.
Data stewards know the data and make sure that ethical rules are respected. They are responsible for organizing information and its metadata. Metadata is information about a piece of data, including who created it, when it should be deleted, what security rules must be respected, who its data steward is, etc.
You’ll need to determine who will be assigned to these roles in your company. Of course, in many companies, resources are limited. In that case, we would advise you to consider setting up an internal data governance committee. This preferably multidisciplinary committee would be able to take on the data custodian and data steward roles. The committee could also share good governance practices with all of your employees or even set up training courses to raise awareness of security issues among your teams.
If you want to take things further and allocate even more resources to data governance, you could also consider hiring a data architect to manage data infrastructure, a chief data officer to establish your data strategies or data analysts or scientists to analyze and manage your data on a daily basis. Remember to go at your own pace though. Doing everything overnight is pointless if your framework isn’t strong enough.
Reflect on your data
As we mentioned in our article on data management, your data is one of your strategic assets. For this reason, you should make it the focus of a strategic reflection session. To begin, you’ll need to classify or categorize your data. Classifying data means sorting it into categories that you’ve selected in accordance with your needs. In addition to the most common categories (finance, marketing, production, etc.), you can also classify your data according to its level of confidentiality, the level of risk associated with it or its degree of sensitivity.
Taking the time to classify your data will help you to better protect your data, understand it and even map it.
Data mapping is a process in which you identify all of your data so that you can visualize it. It makes it possible to gain a complete picture of all the data flowing through your company, meaning that you will be able to easily find or delete it depending on the request. For example, let’s say that your long-standing customer Claude asks you to provide him with all the information you have about him and then to delete it. If his data is scattered throughout your CRM, telephone directory and client files in Excel format, where would you begin? Mapping your data will allow you to respond faster and, most importantly, to make sure that you are in compliance with current laws (because yes, Claude does have the right to ask you for this and the law requires that you respond to him).
Since data classification and mapping are complex and time-consuming, you may want to consider collecting only the data you need. You’ll also want to be smart about collecting and storing it for the same reason.
Adopting an ethical approach
Ethics and data governance are closely intertwined. The ethical use of data means adopting practices that respect the fundamental rights of individuals and uphold societal values. In other words, you should collect and handle information in a morally acceptable way.
It’s also important to be transparent about how you collect data. You should always notify visitors to your website that you are using cookies to collect information. You also have to give them the option to refuse the cookies. And don’t forget to mention how their data will be used (most often for marketing purposes).
Being ethical about data governance also means protecting the information you collect. You’re responsible for promising your customers that you won’t lose their personal information. And you’re also responsible for not selling their data to third parties without their permission.
Behaving ethically within your company is also a key issue. Your data governance policy should clearly state what your teams can and can’t do with regard to data. This could save you from being the centre of a scandal, like the one involving Target and children’s diapers. Consider this a warning not to take data analysis too far!
Make regular updates
Proper data management relies on high-quality data. Data quality depends on whether a piece of data is:
- Complete: Do all customers in your CRM have a phone number?
- Consistent: Do all the phone numbers in your CRM have 10 digits?
- Current: Do you have the correct phone number or an old phone number for your customer?
- Relevant: Do you need to know your customers’ phone numbers?
- Unique: Do several of your customers have the same phone number?
- Valid: Did you mix up two numbers when entering a customer’s phone number?
In your data governance policy, you may state that this verification process must be carried out at set intervals. It’s recommended that very large companies go through this process every two months. For smaller companies, it’s sufficient to do so every 6 months. However, remember that daily monitoring is always the best option. Some more easily verifiable data, such as the contact records in your CRM, should be validated every week.
Choose the right technology
Data governance also relies on the technological tools you use to collect, process and store your information. In our article on data management tools, we provide an informative list of the relevant technology for each stage of the data lifecycle. Here, we’ll provide you with issues you should reflect on when selecting technology solutions for your company to make sure the technology helps you to better manage data governance on a daily basis.
First, select a tool that fits your priorities. If your main priority is to collect as much data as possible, you should choose a tool that has the capacity to do so. On the other hand, if you want to optimize your analysis of data, you should select a technology that excels at data analysis. Everything depends on the objectives you outlined in your data strategy.
Second, consider what your needs will be over a period of several months. You shouldn’t choose a tool based on your current situation or, even more importantly, on your current volume of data. Your company will keep collecting more and more information, so it’s important to estimate your storage and processing needs in advance and choose a tool that won’t slow you down in a few months. Experts can help you to make a good choice.
Third, think about how self-sufficient you want to be. There are many ready-made solutions that can be implemented in a short timeframe. However, your company would then be bound to monthly or annual subscriptions. If being self-sufficient is important to you, you might want to consider an open-source solution. Although this type of solution can take a bit longer to develop, it will leave you with greater peace of mind in the future.
Last, choose tools that will help you comply with the principles of data governance. In other words, choose tools that will allow you to document your data, control it, map it quickly, etc. In addition, you should also avoid spreading yourself too thin with too many tools. Your needs should be met by as few tools as possible to maximize the security of your data as it flows through your company.
In addition to data management tools, you may also want to acquire tools that are specifically designed for data governance, such as data modeling tools, data profiling software or solutions that manage data quality and metadata.
External resources are available
There are many external resources that can help you to establish a data governance policy. Here’s what we think.
Some government resources
For the past several years, governments have been heavily involved in data protection and security. For more information, you can consult the Personal Information Protection and Electronic Documents Act (PIPEDA), the General Data Protection Regulation (GDPR) or the Independent Pan European Digital Association (IPEDA). They will provide you with a better understanding of what you must comply with when collecting, processing and sharing data.
We also recommend reading the DAMA DMBOK by the Global Data Management Community. This book is a real encyclopedia of data governance that will teach you how to plan everything internally and implement sound data management strategies.
There are also a large number of white papers and eBooks on the topic of data governance. You’ll be able to find the ones that best fit your business context with a quick online search.
When should you call in an expert?
In addition to written resources, you may also need human resources. But don’t worry—that’s normal. Many consulting firms now assist with data governance, including PwC and KPMG. Of course, there are also much smaller, more affordable firms that specialize in the field. We recommend that you consult a data governance expert if you’re handling an exceptionally large volume of data or working with sensitive data.
From a technology standpoint, you can also call on experts to help you develop your data management solutions. That actually happens to be one of our specialties.
No matter the reason, you shouldn’t be reluctant to ask for external help when establishing your data governance policy. With increased regulation surrounding data governance, soon it will be mandatory to be able to prove that your company is behaving ethically. It’s time to start preparing so you don’t find yourself in a tight spot later on!
Points to remember
The topic of data governance is both complex and fascinating. For a long time, companies collected data without really paying attention or taking interest in the information. But today, companies must implement sound data governance in order to comply with ethical and security standards. Unfortunately, putting off strategic thinking on this topic will only make it more complicated when you finally do get around to it.
To sum things up, here are our tips for sound data governance—establish the right roles in your company, be sure to know your data and where to find it, make sure that ethical standards are well-respected by your teams and, above all, continuously update your practices over time.