Data Governance – What, Why, How, Who & 15 Best Practices
All organizations need to plan how they use data so that it is handled consistently throughout the business to support business outcomes.
This means that organizations that successfully do this consider the who, what, how, when, where and why of data to not only ensure security and compliance but to extract value from all the information collected and stored across the business – improving business performance.
It’s all about how you handle the data collected within your business.
This is data governance, and most organizations are doing some sort of this without even knowing it.
According to a Profisee-sponsored report from Harvard Business Review Analytics Services, 67% of respondents say data governance is important to achieving high-quality enterprise data. Since technology trends such as Machine Learning and AI rely on data quality, and with the push of digital transformation initiatives across the globe, this trend is likely not going to change any time soon.
Because of this, we wanted to raise awareness of data governance to help those who care about data quality learn more about how the role of data governance impacts today’s business environments, stakeholders and company objectives.
We set out to produce the most comprehensive, free resources available on the web about data governance; this article is exactly that.
Download your copy of the guide to keep in your back pocket. If you’re ready to dive in, continue your journey below.
Continue reading this article to learn:
- Data governance defined
- Why bother
- Common business benefits associated with data governance
- Example goals of data governance programs
- Profile: OpenStreetMap
- Who’s typically involved in data governance programs
- A framework for a data governance strategy
- A look at a data governance maturity model
- The role of master data management in data governance
- The role of data governance related to data security, protection and privacy
- 15 data governance best practices; you’re welcome
What Is It?
Go ahead and Google “Data Governance.” Within five seconds you will be drowning in definitions. Pick your favorite. We’ll wait.
At Profisee, we are big fans of keeping things simple, so we’ll give you one sentence:
Data governance is a set of principles and practices that ensure high quality through the complete lifecycle of your data.
According to the Data Governance Institute (DGI), it is a practical and actionable framework to help a variety of data stakeholders across any organization identify and meet their information needs.
The DGI maintains that businesses don’t just need systems for managing data. They need a whole system of rules, with processes and procedures to make sure those rules are followed, consistently, every working day. That is a tall order for any system of governance. Tools like the Profisee Platform make the work much easier.
That is sufficient enough to get us started.
Data is becoming the core corporate asset that will determine the success of your business. Digital transformation is on the agenda everywhere. You can only exploit your data assets and do a successful digital transformation if you are able to govern your data. This means that it is imperative to deploy a data governance framework that fits your organization and your future business objectives and models. That framework must control the data standards needed for this journey and delegate the required roles and responsibilities within your organization and in relation to the business ecosystem where your company operates.
A well-managed data governance framework will underpin the business transformation toward operating on a digital platform at many levels within an organization:
- Management: For top management this will ensure the oversight of corporate data assets, their value and their impact on the changing business operations and market opportunities
- Finance: For finance, this will safeguard consistent and accurate reporting
- Sales: For sales and marketing, this will enable trustworthy insight into customer preferences and behavior
- Procurement: For procurement and supply chain management, this will fortify cost reduction and operational efficiency initiatives based on exploiting data and business ecosystem collaboration
- Production: For production, this will be essential in deploying automation
- Legal: For legal and compliance, this will be the only way to meet increasing regulation requirements
If you’ve managed to get this far, the benefits are probably obvious. Data governance means better, leaner, cleaner data, which means better analytics, which means better business decisions, which means better business results. Better market positioning. Mindshare in your space. Reputation. Better profit margin (everybody likes this one).
It’s the GIGO principle. Garbage In, Garbage Out. Or as our friend, Scott Taylor puts it, the GIGE principle.
Remember: Garbage In, Garbage Everywhere.
Of course, definitions are important. But action is more important. Now we know what it is. What do we want to do with it?
Here are a few possibilities:
- Make consistent, confident business decisions based on trustworthy data aligned with all the various purposes for the use of the data assets within the enterprise
- Meet regulatory requirements and avoid fines by documenting the lineage of the data assets and the access controls related to the data
- Improve data security by establishing data ownership and related responsibilities
- Define and verify data distribution policies including the roles and accountabilities of involved internal and external entities
- Use data to increase profits (everybody likes this one). Data monetization starts with having data that is stored, maintained, classified and made accessible in an optimal way.
- Assign data quality responsibilities in order to measure and follow up on data quality KPIs related to the general performance KPIs within the enterprise
- Plan better by not having to cleanse and structure data for each planning purpose
- Eliminate re-work by having data assets that are trusted, standardized and capable of serving multiple purposes
- Optimize staff effectiveness by providing data assets that meet the desired data quality thresholds
- Evaluate and improve by rising the data governance maturity level phase-by-phase
- Acknowledge gains and build on forward momentum in order to secure stakeholder continuous commitment and broad organizational support
These are just a handful of things you can do with great data governance. Bottom line is, that we either want to do these things to grow, or we have to do them to meet regulatory requirements. Regardless of the reason, the end result of not doing these things is the same. If we have bad data, we make bad decisions that we don’t realize are bad decisions until later.
“With bad data, we keeping making bad decisions.
We just don’t realize they’re bad decisions until later.”
– Scott Taylor, MetaMeta Consulting
That’s Scott Taylor, also known as the Data Whisperer. He’s been a thought leader in the MDM world for about 20 years, so when he crashed our office party in February, we figured there was a pretty good chance he knew what he was talking about. You’ll hear more from him later.
So, what does data governance look like in the wild? One of the most challenging spaces to put these practices to work is in open source projects like OpenStreetMap. Created by British entrepreneur Steve Coast in 2004, it was a response to the proliferation of siloed, proprietary international geographical data sources—dozens of mapping software products that did not talk to each other.
OSM uses data from volunteer contributors, much like Wikipedia, and is available to anyone with an Internet connection. Since 2008, OSM has grown from 50,000 registered users and contributors to over 2 million, with all of the map data submitted and collated by those volunteers. OSM is currently used by Facebook, Foursquare, and MapQuest, to name only three of the largest among literally thousands of professional users.
In plain speak: It is a miracle that this thing works at all. Some contributors are professional cartographers using high-tech GPS systems, and some are just weekend cyclists using their cellphones to triangulate and upload trip landmarks. But it does work, and it works well enough to be the trusted source of data for a number of Fortune 500 companies, some fast-track upstarts, and more mom-and-pop ventures than you can shake a stick at. A lot of folks use OpenStreetMap for their businesses.
We’re pretty optimistic when it comes to data purity. It comes with the territory. This is a miracle we understand. This model can only function if the data governance behind it works. And it is what Mr. Coast had in mind all along, building on a single revelatory concept.
The data is the product, not the map.
As you might imagine, a crowdsourced mapping system without a way to standardize contributor data could go wonky, as the Brits say, in a hurry. Establishing data standards early in the process and ensuring contributors adhere to them is key to the platform’s continued success.
Data governance involves the whole organization to a greater or lesser degree, but let’s break down the most commonly involved stakeholders:
Data Owners: First, you will need to appoint data owners (or data sponsors if you like) in the business. These must be people that are able to make decisions and enforce these decisions throughout the organization. Data owners can be appointed at the entity level (eg customer records, product records, employee records and so forth) and supplementary on the attribute level (eg customer address, customer status, product name, product classification and so forth). Data owners are ultimately accountable for the state of the data as an asset.
Data Stewards: Next, you will need data stewards (or data champions if you like) who are the people making sure that the data policies and data standards are adhered to in daily business. These people will often be the subject matter experts for a data entity and/or a set of data attributes. Data stewards are either the ones responsible for taking care of the data as an asset or the ones consulted on how to do that.
Data Custodians: Furthermore, you may use data custodians (or data operators if you like) to make the business and technical onboarding, maintenance and end-of-life updates to your data assets.
Data Governance Committee: Typically, a data governance committee will be established as the main forum for approving data policies and data standards and handling escalated issues. Depending on the size and structure of your organization, there may be a subcategory for each data domain (eg customer, vendor, product, employee).
These roles highlighted above should optionally be supported by a Data Governance Office with a Data Governance Team. In a typical enterprise, here are some folks who might make up a Data Governance Team:
- Manager, Master Data Governance: Leads the design, implementation and continued maintenance of Master Data Control and governance across the corporation.
- Solution and Data Governance Architect: Provides oversight for solution designs and implementations.
- Data Analyst: Uses analytics to determine trends and review information
- Data Strategist: Develops and executes trend-pattern analytics plans
- Compliance specialist: Ensure adherence to required standards (legal, defense, medical, privacy)
One of the most important aspects of assigning and fulfilling the roles is having a well-documented description of the roles, the expectations and how the roles interact. This will typically be outlined in a RACI matrix describing who is responsible and accountable to be consulted and be informed within certain enforcement, a processor for a certain artifact as a policy or standard.
The Data Governance Framework
A data governance framework is a set of data rules, organizational role delegations and processes aimed at bringing everyone in the organization on the same page.
There are many data governance frameworks out there. As an example, we will use the one from The Data Governance Institute. This framework has 10 components; let’s discuss in detail:
Master data can be described by the way that it interacts with other data.
A mission and vision that states why data governance is essential within our organization. At best, this should be related to the business objectives of the enterprise. This should be endorsed by the top-management.
The short-term and long-term goals for the data governance program as well as the success criteria and their measurement. Often this should be addressing the main pain points that exist in various lines of the business. This must be aligned with the funding and other involved line management.
Data rules and definitions in the form of data policies, data standards, data definitions preferable as a business glossary and how business rules transform into data rules. This should cover the data assets describing the core business entities essential to meeting the business objectives. The data governance office/team will work with data owners and data stewards to set this up.
- The decision rights that exist for managing the data assets in the day-to-day business. This will include what data stewards can decide and what must be escalated to a data governance committee or similar authority.
- The accountabilities and related responsibilities delegated within the organization. This can include a full RACI matrix with counsel and informee roles as well.
- The control mechanisms that is put into action in order to measure adherence of data rules and achievements toward the defined goals. The mechanisms can by established within business processes, in IT applications and as part of reporting.
WHO:The Governance Office / Team should be organized to support the cross functional data governance structures and activities. It collects metrics and success measures and reports on them to data stakeholders. It provides ongoing stakeholder care in the form of communication, access to information, record-keeping, and education/support.
Data stewards will play an essential part in enforcing data rules and resolve most issues before they become a major challenge. A typical responsibility for data stewards will setting up the data quality measurements and following up on the trends in the data quality KPIs and performing root cause analysis where thresholds are not met.
Last, but not least, at set of standardized, documented and repeatable processes must be deployed with the right balance of enabling technology. The orchestration of data governance processes will ultimately determine the success – or failure – or your data governance framework and the ability to rise in data governance maturity.
Grow Up, Kid: The Maturity Model
Measuring your organization up against a data governance maturity model can be a very useful element in making the roadmap and communicating the as-is and to-be part of the data governance initiative and the context for deploying a data governance framework.
One example of such a maturity model is the Enterprise Information Management maturity model from Gartner, the analyst firm:
Most organizations will, before embarking on a data governance program, find themselves in the lower phases of such a model.
Phase 0 – Unaware: This might be in the unaware phase, which often will mean that you may be more or less alone in your organization with your ideas about how data governance can enable better business outcomes. In that phase you might have a vision for what is required but need to focus on much humbler things as convincing the right people in the business and IT on smaller goals around awareness and small wins.
Phase 1 – Aware: In the aware phase where lack of ownership and sponsorship is recognized and the need for policies and standards is acknowledged there is room for launching a tailored data governance framework addressing obvious pain points within your organization.
Phases 2 and 3 – Reactive & Proactive: Going into the reactive and proactive phases means that a more comprehensive data governance framework can be established covering all aspects of data governance and the full organizational structure encompassing data ownership and data stewardship as well as a Data Governance Office / Team in alignment with the achieved and to be achieved business outcomes.
Phases 4 and 5 – Managed & Effective: By reaching the managed and effective phases your data governance framework will be an integrated part of doing business.
If your current data governance policies and procedures are your guidebook, the maturity model is your history book. It’s compiled from historical data based on a maturity assessment, which compares a company’s performance to established goals and benchmarks over a given period—a quarter, for example, or a year, or even five years. The model shows where you have been, which helps shape where you are going.
While a “one-size-fits-all” approach doesn’t really work for a maturity model, an “if-the-shoe-fits” approach works well for many companies. Search for existing models, find one that’s close, and adjust it to meet your company’s needs. If the shoe doesn’t fit, it’s easy to change the size of the shoe. It’s not so easy to change the size of your foot.
Connection to Master Data Management
Data Governance is the strategic approach. Master Data Management (MDM) is the tactical execution. That’s it. We’re good. You can go home now.
Not convinced? Ok. Don’t take our word for it. As promised, we’re back with Scott Taylor of MetaMeta Consulting. He has forgotten more about master data than most of us will ever know, so we’re happy to give him the last word.
“All enterprise systems need master data management,” Scott said at our Profisee 2019 kickoff event. “Marketing, sales, finance, operations. There is benefit everywhere, in enterprises of any size, in every industry, across the globe, at any point in their data journey.”
“Master data is the most important data because it is the data in charge,” Scott said. It’s about the “business nouns” – the essential elements of your business. Customers, partners, products, services. Whatever your business is, that’s where master data lives and breathes. You may have the best governance plan on the planet. Well-governed bad data is still bad data. It’s not going to help your business.
“Everybody is in the data business, whether they realize it or not,” Scott said. “Everything we touch turns to data. Business is transforming from analog to digital. No matter what your product is, data is your product. Business is changing because of data, and data is power. With the right tools, you can harness that power right now.”
We could not have said it better ourselves.
Data Protection and Data Privacy
The increasing awareness around data protection and data privacy, for example, manifested by the European Union General Data Protection Regulation (GDPR) have a strong impact on data governance.
Terms such as data protection by default and data privacy by default must be baked into our data policies and data standards not least when dealing with data domains such as employee data, customer data, vendor data and other party master data.
As a data controller, you must have full oversight over where your data is stored, who is updating the data and who is accessing the data for what purposes. You must know when you handle personally identifiable information and do that for legitimate purposes in the given geography both in production environments and in test and development environments.
Having well-enforced rules for the deletion of data is a must too in the compliance era.
Data Governance Best PracticesOn one hand, you can learn a lot from others who have been on a data governance journey. However, every organization is different, and you need to adapt the data governance practices all the way starting from the unaware maturity phase to the nirvana in the effective maturity phase. Nevertheless, please find below a collection of 15 short best practices that will apply in general:
Start small.As in all aspects of business, do not try to boil the ocean. Strive for quick wins and build up ambitions over time.
Set clear, measurable, and specific goals.You cannot control what you cannot measure. Celebrate when goals are met and use this to go for the next win.
Define ownership.Without business ownership a data governance framework cannot succeed.
Identify related roles and responsibilities.Data governance is a teamwork with deliverables from all parts of the business.
Educate stakeholders.Wherever possible use business terms and translate the academic parts of the data governance discipline into meaningful content in the business context.
Focus on the operating model.A data governance framework must integrate into the way of doing business in your enterprise.
Map infrastructure, architecture, and tools.Your data governance framework must be a sensible part of your enterprise architecture, the IT landscape and the tools needed.
Develop standardized data definitions.It is essential to strike a balance between what needs to be centralized and where agility and localization works best.
Identify data domains.Start with the data domain with the best ratio between impact and effort for rising the data governance maturity.
Identify critical data elements.Focus on the most critical data elements.
Define control measurements.Deploy these in business process, IT applications and/or reporting where it makes most sense.
Build a business case.Identify advantages of rising data governance maturity related to growth, costs savings, risk and compliance.
Leverage metrics.Focus on a limited set of data quality KPIs that can be related to general performance KPIs within the enterprise.
Communicate frequently.Data governance practitioners agree that communication is the most crucial part of the discipline.
It is a practice, not a project.