Data governance framework – guide and examples
Managing the flow of data to stakeholders who need it — data governance — now plays a critical role in every company’s data strategy.
Data leads to better, more informed decision making, so as your organization's data begins to grow all kinds of business processes benefit from becoming data-driven. Of course, data growth also introduces new challenges. The more data assets your organization collects, the more data issues you'll face. As more data elements flood in from dozens or hundreds of sources, organizations tend to lose control over the data lifecycle. It gets harder to scale to meet the demands of data end users, if you can meet them at all.
Without good data governance, there’s no way of knowing when inaccurate data enters your systems, where it came from, or who is using it. This leads to poor data quality and reduces your stakeholders' trust in the data. Data issues also increase the risk of noncompliance with government and industry regulatory requirements, such as the Global Data Protection Regulation (GDPR). More data also leads to higher costs, because managing an increasingly complex data environment isn't cheap.
That’s why high-quality data governance practices that ensure data privacy and compliance have become so essential for business success.
What is a data governance framework?
A data governance framework is the collection of rules, processes, and role delegations that ensure privacy and compliance in an organization's enterprise data management.
Every organization is guided by certain business drivers — key factors or processes that are critical to the continued success of the business. Your organization’s unique business drivers dictate what data needs to be carefully controlled, and to what extent, in your data governance strategy. For example, one of a healthcare organization’s business drivers may be to ensure the privacy of patient-related data assets, requiring that sensitive data be securely managed as it flows through the business to ensure compliance with relevant government and industry regulations. At the same time, patient data must be readily accessible to a patient's healthcare providers. These requirements inform the provider’s data governance strategy, becoming the basis of its data governance framework.
A well-planned data governance framework covers strategic, tactical, and operational roles and responsibilities. It ensures data is trusted, well-documented, and easy to find within your organization, and that it’s also kept secure, compliant, and confidential.
Some of the most important benefits the framework provides include:
- A consistent view of — and business glossary for — data, while allowing appropriate flexibility for the needs of individual business units
- A plan that ensures data quality, accuracy, completeness, and consistency
- An advanced ability to understand the location of all data related to critical entities, making data assets discoverable, usable, and easier to connect with business outcomes — in other words, ensuring
- A “single version of the truth” that keeps critical business entities aligned across the enterprise
- Well-defined methodologies and best practices for data assets and data management that can be applied across the organization
- Easily accessible data that’s kept secure, compliant, and confidential according to the demands of legal or regulatory requirements
Data governance vs data management
First, let’s clear up any confusion between data governance and data management. Both address questions of where data is stored, how it is accessed, and whether it can be trusted.
The key difference between data management and data compliance is their scope:
- Data management is an IT practice encompassing an organization's practices across the data life cycle
- Data governance policies are business practices pertaining that define how data is processed across the organization to ensure privacy and compliance
In simple terms, you can have data management without data governance policies (though it's not recommended), but you can't have data governance without data management.
Data governance addresses who has ownership of which data, and who can access the data. Data governance is also the discipline concerned with whether given data is subject to privacy laws or other regulatory requirements, and what its security requirements should be. The data retention and deletion policies defined by a data governance framework become part of the data life cycle.
Good data governance ensures the effective and efficient use of data assets. It enables an organization to achieve its key performance indicators (KPIs) by defining data workflows and people processes that provide the data quality and data security needed across the enterprise. Data governance outlines who can take what action upon what data, in which situations, and using what methods. Consistent, standard processes and responsibilities are critical for ensuring stakeholder buy-in for your data governance policies.
How are GDPR and data governance readiness related?
In 2016, the European Union adopted GDPR. This powerful privacy regulation expanded the definition of personal data as any data that can directly or indirectly be used to identify an individual. Suddenly, organizations had to classify a wider range of data assets as sensitive data in need of extra protection. GDPR also stipulates that any personal data belongs to the data subject, rather than the organizations that may collect or use that data.
With GDPR in place, any business with customers in the EU must be able to answer key questions about how it handles data ownership. Those questions include:
- Where does all personal data exist across the organization?
- How is data ownership assigned within the organization?
- Should the ownership of data be single-point or collaborative?
Since data owners within an organization have a vested interest in the integrity of their data, they can focus on defining policies and standards that keep their data compliant. For example, data owners can implement deletion and retention policies that ensure that the sensitive data they are responsible for aligns to regulatory requirements.
Data protection laws and regulations similar to GDPR are on the rise worldwide. For now, personal data definitions vary from place to place, and you can expect them to shift over time. Implementing well-documented data governance ensures compliance while also demonstrating your organization's commitment to accountability. Of course, every organization is different, with different data and different needs for that data. As your organization faces increasing pressure to implement and maintain good data governance, you must determine what data governance framework will work best to uphold your unique data governance strategy.
Data governance framework examples — the traditional approaches
There are two traditional approaches to establishing a data governance framework: top-down and bottom-up. These two methods stem from opposing philosophies. One prioritizes control of data to optimize data quality. The other prioritizes ready access to data to optimize data access by end users across business units.
The top-down method: focus on data control
This is the centralized approach to data governance. It relies on a small team of data professionals who employ well-defined methodologies and well-known best practices. This means data modeling and governance are prioritized. Only later is the data made more broadly available to the rest of the organization for analytics.
However, this approach creates a massive scalability issue. In this framework, there’s a clear distinction between data providers (typically IT) and data consumers (typically business units). Only data providers are empowered to have any sort of control over the data. In the past, this was less of an issue because there was a smaller amount of data to be governed, and fewer teams that needed access to it. But today, these small teams of data producers can’t cope with the demand from data consumers. It’s now a business necessity to have clean, complete, and uncompromised data available to everyone who needs it, whenever they need it. There are simply too many business users making too many requests for these teams to keep serving as gatekeepers.
The bottom-up method: focus on data access
Conversely, the bottom-up method allows for much more agility when managing data. While the top-down method starts with data modeling and governance, the bottom-up approach starts with raw data. After the raw data is ingested, structures on top of the data can be created (referred to as “schema on read”), and data quality controls, security rules, and policies can be implemented.
This framework, popularized with the advent of big data, is more scalable than the centralized approach. That said, it creates a new set of data issues. Because data governance isn’t implemented until later in the process, and because anyone can enter data, it's harder to establish control. And as we already discussed, lack of data governance can lead to increased regulatory risk, a loss of stakeholder trust in the organization's data, and a higher cost of data management for a sprawling mess of data assets.
What we need is a modern approach to a data governance framework — one that balances access and control. We need to establish control early on in the process without sacrificing the ability for users and subject matter experts to become data owners and curators.
Collaborative data governance framework template — a modern approach
A collaborative data governance framework is all about balancing the concerns of the top-down and bottom-up philosophies. This framework recognizes that working with data as a team is essential for success; otherwise, the amount of work needed to validate that the data is trustworthy will be overwhelming.
The collaborative framework is scalable, allowing for an increasing number of data sources to be introduced by an increasing number of people across the organization. Well-defined principles for collaborative content curation must be established to maintain this scalability. This can involve selecting subject matter experts in each business unit to serve as data stewards who help maintain high data quality for the datasets they know best.
By establishing these principles for data curation, anyone can collaborate as long as they follow the standards. This ensures scalability without compromising a defined level of trust in the content. Organizations can engage the entire business, from IT to subject matter experts to decision makers, in the process of turning raw data into a cohesive body of enterprise data that is trusted, documented, and ready to be shared and applied.
Of course, some business processes rely on heavily regulated data elements that require specific attention. Risk data aggregation in financial services, for example, or data like consumer credit card information may not be the best candidates for this approach. In these cases, the collaborative framework can complement, rather than replace, a more controlled top-down approach. The organization’s data governance team should define which data governance model applies in these types of situations.
Measuring success with a data governance maturity model
Data governance is a journey, not a destination. To ensure its success, an organization needs a way to measure its progress and identify areas for improvement.
The three maturity levels that organizations go through as they become more data-driven companies are:
- Data integration: application integration, data integration, and data loading
- Data integrity: data preparation, data stewardship, and data quality
- Data intelligence: data cataloging, data lineage, and metadata management
Because organizations require trusted data to empower data users, improve customer experiences, and make decisions with confidence, data quality metrics must be a core component of any data governance program. The further along an organization is on this maturity curve, the more it can take advantage of powerful technologies like data profiling and data matching with machine learning. This helps position an organization to get the maximum value out of all of its data assets while maintaining the necessary level of control and trust in that data.
Unlocking the full potential of a data governance framework
It's important for business units across the organization to recognize the data governance team as a friend and ally in their business processes. After all, governance is about more than data protection and control of sensitive data. Data governance policies give business users access to the data they need, when they need it. Data governance is ultimately a tool to help optimize decision making.
Change management can help create a supportive culture that values data governance. You can head off concerns about new data governance policies by reassuring your business units that, implemented correctly, data governance processes don’t slow business processes or prevent access to needed data. Rather, these policies ought to improve data access by enabling self-service delivery of trusted data to the right people in the right format at the right time — all while ensuring data privacy and regulatory compliance.
Give data end-users positive reasons to appreciate data governance by communicating how it benefits their business processes. For example, automation of data privacy rules can help data users focus on data analysis and decision making, rather than spending time worrying about whether their workflows protect sensitive data. Providing examples of familiar use cases and tangible business outcomes will help build buy-in for any new processes you implement.
Foundation for Data Governance Readiness
To get a more in-depth look at the methods and best practices you can use to implement a successful data governance initiative at your organization, read the Definitive Guide to Data Governance.
You’ll learn more details about the various data governance strategies discussed above. You'll also explore new areas including:
- Multiple ways that data governance initiatives can save you time, money, and resources
- How to choose the best data governance strategies and models for your needs
- Three steps to delivering high quality data you can trust, at any scale
- Tips for building a data team and a data-driven culture
More related articles
- What is data masking?
- Building a Data Governance Framework
- Data governance with Snowflake: 3 things you need to know
- Data Governance Tools: The Best Tools to Organize, Access, Protect
- Five Pillars for Succeeding in Big Data Governance and Metadata Management with Talend
- Structured vs. unstructured data: A complete guide
- What is a data catalog, and do you need one?
- What is data stewardship?
- What is Data Governance and Why Do You Need It?
- What is Data Lineage and How to Get Started?
- What is Metadata?
- What is Data Access and Why is it Important?
- What is Data Obfuscation?