Too often, companies “hire a chief data officer [CDO] or establish an enterprise data governance program without considering how these functions fit within the rest of the organization,” said Lewis. “The most successful organizations look carefully at existing business functions and processes, and find ways to link aspects of data governance to those functions. For example, CDOs should participate in strategic planning to provide advice on the latest capabilities, while also planning the data strategy in direct support of the company strategy.”
This can be a challenge for small to medium-sized businesses. “The more progressive, globalized organizations and regulated industries, such as financial and insurance, and those that have had to comply with diverse mandates outside a single market such as the U.S., are able to keep up more quickly,” said Turajski. “They’ve already had to respond to privacy mandates, such as PCI DSS and GDPR, so they have a head start. For those companies, it’s now more about expanding the scope of sensitive data controls going forward. Smaller organizations have less exposure risk, so they are able to take a more wait-and-see approach, as opposed to the larger organizations with big targets on their backs.”
Keeping information simple and concise enough that employees and customers will read it and remember it is important, said Bentvel. “When information is too verbose or is hard to find, people can slip up because they’re not fully informed. Ensuring compliance is much more than just putting the processes in place. People need to understand the reason policies were put in place in order to feel incentivized to follow them. Compliance is about balancing data governance and security while still meeting the enterprise’s data needs.” Some of the initial steps an organization should take include driving awareness, considering the existing and new rights of data subjects, and recording data processing.
Turajski urged greater attention to data governance fundamentals “to discover sensitive data, classify that data, apply protection to the data, and then to manage access controls.” He also pointed to “increased use of analytics for discovery and classification to automate controls when managing big data across disparate repositories.” This requires “a holistic approach and user engagement and automation are key factors to effective data governance. Users need to be part of the solution, just as much as technology requires more automation to keep up with the exploding amount of data.” Increased use of analytics can help mitigate risks and create a culture for handling data responsibly across all parts of the organization, which leads to increased consumer trust and helps promote a privacy-by-design mindset.
Organizations “are evolving to derive value from their valuable data assets,” said Perry. “Managing an organization in the information economy means developing new skills, engaging staff to understand data governance, and knowing and complying with regulations. New roles have emerged—data scientist and data citizen, for example—with responsibility to explore and find insights from the ever increasing data resource. There’s a spectrum of data responsibility—for some people, data is a major part of the job. Others bring more of a business focus to their data analysis. And, collaboration is the key to ensuring that data is properly obtained, understood, used, shared, and eventually disposed of. Responsible use of data is, at least, an implied part of every job description.”
Ultimately, an effective data governance program is about more than data—it’s about growing the business. “More businesses are now successfully cultivating open communication between various departments because of their data governance program,” said Emily Washington, senior vice president of product management at Infogix. “This suggests that many companies are ready to expand their data governance program to a more strategic focus beyond just governing data. Instead, businesses need to take governance one step further to enhance their analytical insights. Although many businesses are now collaborating across departments, there is still a disconnect between the analytics team and those that are focused on governance efforts, resulting in various metadata definitions across teams. By introducing governance to analytical models, businesses can aggregate the metadata around their models to ensure all teams have a complete understanding of their data and can leverage it in analytical models.”