The objective of data governance is to provide insights into the availability, usability, integrity, security and privacy of data. As the amount of data organizations handle grows, establishing efficient data privacy policies and processes is critical. Furthermore, data privacy must be embedded in new systems and crafted onto existing legacy systems and networks. But privacy is far from just about software and hardware. It’s very much about people.
If you already have a data governance initiative in place you may have appointed a Chief Data Officer (CDO). According to IBM, 25% of Fortune 500 firms now employ CDOs (Check here if you need one per the GDPR). They have the ultimate responsibility for data within the organization, but they too require basic education about data protection.
The CDO ensures that ownership of data is aligned and that data owners are accountable, while data stewards are made responsible for enforcement of activities related to privacy management. After enabling data ownership, the existing privacy classifications for customer and employee data can be actively managed, which is one of the requirements of the GDPR. These activities play a key role in strengthening the first line of defense in the company from a risk perspective. This also sets the context across the data lifecycle for the data owner.
Keep in mind that there is a difference between privacy and information security classification. If your company has no such classifications in place, data stewards can enable the data owners to classify the data that they own. This is easier if your data is already logically grouped into domains based on its business characteristics, like customer or supplier domain. Employee data, for example, can be classified under a human resources domain. A data set or a sub-domain can then be classified to be able to apply the right classifications to that particular data.
Another topic in managing evolving privacy standards is the Data Governance practice of rigorously maintaining information provenance. Information provenance refers to where information was collected and the notice and consent provisions under which it was collected. Companies need to know how individuals’ personal information came to exist in their systems, databases and data warehouses, and what the individuals were told about how their information would be used. All this information has to be stored as meta data.
All of these requirements need to be clearly embedded into your data governance strategy to provide guidance to employees and to assist them in any activity that includes private and confidential information. For a data governance program to be successful it is important to understand all business needs and possibilities before rolling it out. Most impotartantly, your data management and privacy management process must be aligned with organizational objectives.
If we take a look into the crystal ball, the need for data governance will only grow as the amount of data does. That’s why there’s no better time to get buy-in for data governance than right now.