Data Governance Strategy – A Practical Approach

It’s easy to sometimes forget just how much data we’re creating each day. We’re generating data when we work, when we’re at home, and in many cases, as we simply go through life. This information doesn’t just go into the ether. It’s important, mineable, and can help shift the way entire organizations think and react to a market. Data and analytics fuels digital business and play a major role in the future survival of organizations worldwide. However, data and analytics leaders are challenged by new legislative initiatives, such as the European General Data Protection Regulation (GDPR), as well as by the key task of evaluating and defining the role and influence of artificial intelligence (AI). “Organizations feel the urgency to embrace digital business if they want to stay relevant and competitive,” adds Jorgen Heizenberg, research director at Gartner.

As Gartner illustrates, data and analytics leaders have to deal with delivering business outcomes from their data-driven programs today — and at the same time build an effective data and analytics organization that is fit for tomorrow. In order to meet these challenges, such leaders need to take ownership and develop a data and analytics strategy.

Data Strategy Centered on Trust

The key characteristics of such a strategy are trust, robust capabilities and insights. To help data and analytics leaders craft their strategy efficiently and successfully, they must familiarize themselves with pressing topics and trends, including blockchain, AI and GDPR. They should also have a deep knowledge of how to monetize data and establish a data-driven culture in their organization.

Have you noticed all of the new ‘privacy updates’ happening all over the place? If you’re an organization, there are real ramifications if you don’t accept. For example, if you’re in Europe, you won’t even be able to adjust your Nest thermostat unless you agree to the updated data privacy policy. Similarly, social media platforms have actually disabled thousands of accounts for not agreeing or signing up to the latest terms and conditions. Others, like news sites, are forced to change their EU delivery altogether. If you went to visit the LA Times website from most European countries, you’d be met with a simple message: “Unfortunately, our website is currently unavailable in most European countries.” They’re not the only ones. The list includes the Chicago Times, Chicago Tribune, Baltimore Sun, and others.

What happens if you don’t follow these new data governance guidelines?

What happens if there’s a breach of that data and you never allocated the right resources to good data warehousing or data storage best practices?

Well, there’s a price to pay if you’re in that boat. Not only can a breach impact your brand and consumer trust, you may very well be fined as well. As the GDPR guidelines point out, if a firm infringes on multiple provisions of the GDPR, it shall be fined according to the gravest infringement, as opposed to being separately penalized for each provision. So, on the lower levels, you may be fined up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher. And, at the upper levels, you may be fined up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher.

The penalty is calculated based on the nature of the infringement, intention, mitigation, preventative measures taken, history, level of cooperation, the data type, and more.

Bottom line – think about your own data strategy and see where it actually measures up.

Data Governance – A Practical Approach

Data can be a powerful tool, but it can also complicate things. So, what happens if you’re not just a consumer but maybe a mid-sized organization? What do you do if you’re trying to get started on a good data governance practice? How do you work with data and most of all leverage it? Let me give you a few thoughts to prepare you for the deluge of data in the coming years:

• Data Classification – Understanding the 5 W’s of Data. In my experience, data can be classified in terms of what it’s doing for the business. Believe it or not, many organizations actually house some elements of personal data; oftentimes without even realizing it. To that extent, consider these 5 W’s.
• Who has access to personal or corporate data? Is the data stored or is it just transient?
• Where is this personal data being kept? And, where do you transfer this personal data to?
• Why is the personal data even under your control? Does it need to be?
• When are you keeping those personal records until? Are there situations where you’re sharing this data?
• What mechanisms do you have in place to protect personal data?
• If you’re dealing on any sort of global scale, you have to establish a Global Data Policy. This is a key approach for global organizations. You’ll need to establishes core principles for the protection of personal data as well as policies and procedures for managing this information. In some cases, a global data policy might require the appointment of privacy champions, data protection officers, and other features.
• Updating IT and Strategies Around Data. Because of new regulations and policies, you might have to evaluate how you’re storing and securing data. This doesn’t just have to be personal data either. Sensitive information, proprietary data, and even analytical data should all be classified, secured, and properly stored within a data warehouse or appropriate storage repository.
• Updating Security and Incident Response Strategies. What happens if a breach occurs? Have you done a risk assessment and really understood the value of your data? The last thing any organization wants to experience is a data breach; especially when personal data is involved. When it comes to data and incidence response, you need to have strategies which review data confidentially, integrity, and availability. I can’t stress this enough – this is an area where you really want to get ahead and do your homework.
• Consider Appointing a Data Protection Officer (DPO). In the age of data, you’ll need to work with data professionals. New jobs, titles, and roles are emerging to help you cope with all the data that’s being generated. A data protection officer has some new and critical responsibilities. This includes monitoring compliance and data protection laws, cooperating with and acting as a the contact person for supervisory authorities, and work to inform and advice business leaders as well as employees to the state of their data. If you’re a large organization, you might have a few of these folks working with IT, security, and business teams to ensure that data is being worked with properly.

There are some great ways to segment data leveraging storage as well as networking technologies. Solutions around WAN management allow you to geofence data points to ensure they stay locked down. And, you can get pretty granular here too. You can force data to stay in a state, city, zip code, or even a building.

Technology aside, you’ll also potentially want to review how you log and audit data that flows through your network. And, if applicable, you may need to include functionality that facilitates the secure destruction of personal data when no longer required for legitimate business and compliance purposes, in accordance with record retention policies.

Trust in a Data-Driven World

Our future will almost entirely become data-driven. The decisions we make, the applications we use, and the way we conduct business will all revolve around persistent connectivity and the data we create around it all. Data has the power to enable entire businesses. It also has the power to hurt people. As every business, city, and person becomes a digital entity, we’ll need to adjust data protection policies to ensure (as much as we can) privacy and security. Here’s the thing, when utilized properly with big data engines, data analytics, and even data visualization – data and the information that it carries can be a powerful ally for both people and the business.