Data governance isn’t the end product. It’s a means to an end that ensures higher quality data-led decision-making and improved business outcomes.
By Gregg Withers
In my career, whether I’ve been focusing on metadata management, data modeling or solution, enterprise and data architecture, data governance has always been applicable. However, technology is the easy part; to really complicate things, all you need to do is add people, and that’s where data governance really makes a difference. Technology supports the process, but it’s people that need governing. Today we work in highly matrixed organizations with complex operating models—business and IT. Choreographing people through data governance is more important than ever if you want to drive your business forward.
In this article, I’ll further explain the critical role that people play within data governance and how defining, communicating, and articulating data governance is vital to get buy-in from across the business. I’ll then explain the difference between proactive, reactive, and corrective governance and how having the right policies, procedures, and technologies in place can support people in ensuring business outcomes.
The Vital Role of People Within Data Governance
People form a fundamental part of data governance as, ultimately, they’re the ones governing the data. Articulating the RACI roles—defining who is responsible, accountable, consulted, and informed regarding the various data domains—is imperative. However, this shouldn’t only be done in the context of a specific system; it needs to be done holistically across the entire enterprise, eventually, for optimal benefit. People often look at what they’re doing myopically with blinkers on. Whatever part of the organization they work in and whatever their role, people tend to think of their roles in isolation. However, it doesn’t work like that; there are upstreams and downstreams to every business process and system. People need to understand how the whole value chain and wider business processes are impacted. You can’t govern data with everyone working in their own little cell; you need to define an enterprise-wide value chain and educate stakeholders to appreciate how their parts contribute toward the whole.
What’s more, when it comes to data governance, it’s important for people to speak the same language. Even when we talk to each other in English, we often miscommunicate. We don’t work in bubbles; there are incoming interfaces and business interactions, which makes definitions and semantics essential. We need to clearly define roles and responsibilities. However, while defining, communicating, and articulating data governance is fundamental, the real magic is in getting people to sign up to it and execute effectively against it.
How to Get Buy-In from Across the Business
People are often scared of data governance because they think of it as red tape, and no one likes red tape. Misconceptions that people have that they don’t have time to do data governance as well as their daily jobs, and then failing to address and correct that misconception, can be a considerable impediment to success. The fact is that data governance isn’t there to completely retool everyone’s brain; it’s there to help them do what they’re doing better and to help them feel empowered. While many refer to data governance as being non-invasive, I don’t necessarily agree since we’re changing how people look and work with data; I prefer to think of it as being minimally invasive. It will and indeed should change how people work, but for the better. Demonstrating that is how you really get commitment.
There’s often a debate about whether bottom-up or top-down data governance is the way to go. While I believe that you need to get buy-in from across the business, I also believe that you’ll struggle to get traction on the ground, where data governance is actually executed, if you don’t have commitment from the top. However, if you can communicate why data governance is important and, more importantly, how it can make life easier and add value, you’ll have a much better chance of success.
If you try to launch data governance in one fell swoop, you’re setting yourself up for failure. What you really need to do to win people’s hearts and minds is to have small wins and to create a poster child for success that can be used elsewhere. Automation forms a big part of this; it builds transparency and drives accountability. When you can clearly see that there are measures and processes in place and that they’re being executed against, people sit up and take notice; it means they’re no longer operating in a vacuum.
The Difference Between Proactive, Reactive, and Corrective Governance
Data governance is a journey; no business starts at the destination. This means the first step is evaluating where you are, measuring people and processes, and seeing where you’re falling short in comparison with an initially idealized target state. Of course, the target state itself may change as data governance awareness and maturity improves. However, evaluating where you are compared to where you need to be helps you to determine what kind of governance you need as a starting point. The three main types of data governance are as follows:
- Proactive—I also think of this as greenfield data governance when data governance is barely or non-existent. Proactive governance involves defining an initial state, identifying the business benefits, and working out what you need to do to achieve that. This will involve aspects such as who can access data as well as how you’ll audit data, how you’ll measure data quality, and what processes you’ll implement to support all of that. Key to success in proactive data governance is having stakeholders contribute to what data governance should look like, so that they are personally vested and feel part of the process.
- Reactive—This comes into play when you already have some level of data governance but something new comes out, such as a piece of legislation, and you need to tweak your existing structures.
- Corrective—This is needed when something falls through the cracks. The drivers for corrective governance are fundamentally different, and it has a different workflow.
Ultimately, whatever part of the maturity curve your business is on, it’s a journey of continuous improvement. However, the more maturity you have in relation to your data and how you use and govern it, the bigger the competitive advantage. With proactive governance, you can build trust and drive core business objectives from the get-go.
How Implementing the Right Processes and Technologies Builds Value
Security, risk, and compliance are often afterthoughts and are only brought to attention when something goes wrong, but legislation is turning that around for the better. It’s vital that both functional business requirements and non-functional requirements—such as risk and compliance—have a seat at the table early on in the process. This enables a lens on areas that operational teams simply don’t understand and enables the right processes and technologies to be built in from the ground up. Ultimately, if there isn’t fine-grained access, transparency, and accountability when it comes to data, there will be gaps in security and business can suffer as a result. The courts are more understanding if you can show you have a documented process in place, and reactive and corrective processes to both document and address shortcomings when they occur. Customers have more trust in organizations that do the right thing with their data. After all, business comes from customers and customer retention through trust is essential in an increasingly competitive environment.
With the right people, processes and technologies in place, you can build competency and data literacy and improve data governance outcomes. Moreover, you can replace busy work with value work and drive efficiency. People often think of data governance as something to be accomplished, but I disagree; it’s a means to an end.
Gregg Withers is an independent data management consultant and, at the time of writing, a data modeler and information architect at Starbucks, having worked internationally for numerous large companies and governments. He has extensive experience in data and enterprise architecture and solution design and prides himself on developing systems that exceed clients’ expectations.
From the Privacera team (Please note, Gregg Withers is not employed by Privacera, and his piece does not imply an endorsement).
Get more information on how data security governance delivers a competitive advantage—read our blog.