Because data is increasingly becoming a business driver, a good data governance framework is essential. When building, CIOs should avoid these mistakes. […]
Errors in data management can result in financial, legal and image damage for companies. A solid data governance policy prevents this and ensures that data is managed securely and in accordance with compliance guidelines. To ensure this, the data governance policy should be easily accessible and easy to manage.
However, as the requirements for data governance and its methods are constantly evolving, IT managers can easily fall into traps that will sooner or later lead to problems. To prevent this from happening, CIOs should avoid these seven date governance mistakes.
Since data governance is constantly changing, the policies should not be considered as a project that is planned, completed and released. A date governance policy that does not keep up with constantly new requirements will ultimately fail. Even worse, a rigid policy can hinder the work of your teams, so they try to circumvent the rules.
Rajiv Mirani, CTO at IT infrastructure provider Nutanix, recommends looking at data governance as a business challenge: “Data is an asset that needs to be understood and protected by the organization,” he says. Companies should understand them as processes for dealing with cash. After all, they are also understood and accepted by the workforce, because everyone knows how important this is for the business.
An important, often overlooked, governance task is to evaluate both the amount and type of data collected and stored. “Data can have tremendous value when used properly, but ultimately the benefit is limited to the data you can manage, use, and secure,” Mirani explains. Therefore, it is important to carefully weigh the value of data instead of recording and storing everything by default.
Data governance must be a company-wide initiative, says Crystal Singh, analyst at Info-Tech Research Group: “Effective data governance programs are tailored to business capacities and value streams.“ Ultimately, they are aligned with the larger corporate goals set by the company’s management.
Data governance must not be a “hobby horse” of the IT department. Otherwise, according to Singh, you risk risking the approval and support of the C-level. In addition, the scalability and sustainable success of the data governance program depended on whether it was taken seriously.
A CIO must clearly articulate and demonstrate how data governance helps improve business outcomes and productivity. “Otherwise, it stays with a well-intentioned concept and fails in the implementation,” says Singh.
The biggest governance mistake is not involving the data owners in the governance process and getting their consent, says Kathy Rudy, chief data and analytics officer at the consulting company ISG: “The organization that manages the data for the company is not necessarily the owner of this data.“ Rather, certain business units or departments are the actual owners, with the governance teams merely acting as data administrators.
According to Rudy, it is important to communicate the purpose and benefits of the data governance program directly to the data owners. The next step is to get them involved in the program and find out who in your organization can work on it. “Start at the top and work your way down,” she advises. Conversely, progress should be communicated upwards. If there are any resistances or objections when the program is introduced, ask for support to solve them.
The buy-in of the data owner plays a central role for the most difficult part of any data program: the construction of the data taxonomy and the platform that is to manage the data. “In almost all cases, this requires changes to the data structures and cleaning up data that is out of date or does not match the company taxonomy,” says Ruby. Without the consent of the data owners, who have influence over the data sources, the program will fail.
Combining a security and privacy impact assessment is the best way to understand the who, what, when, where, why and how of data collection, use, sharing and processing, says Dana Mueller, compliance architect at cybersecurity provider Laika.
“Companies that do not carry out a comprehensive impact assessment may be at a disadvantage because they do not properly understand the data they process or manage and do not know how to adequately protect the data from unauthorized use or disclosure,” he explains.
According to his colleague Jay Trinckes, compliance architect at Laika, companies face high fines, legal costs and penalties if they handle data incorrectly. You also risk losing the trust of your customers.
If the key positions in the company lack the knowledge and the tools to effectively implement data governance guidelines, such a program will go nowhere. “If you define the policies centrally, but then deploy a new cloud data platform without the ability to manage them centrally, business teams will develop their own tools to manage the data in their own way,” warns Patrick Barch, director of product management at financial services provider Capital One.
Instead, build the tools and platforms that teams need to comply with the data governance policy before implementing it. “When all activities take place in one central location, data governance teams can have confidence that corporate standards are being met, while keeping track of anything that violates the guidelines,” says Barch. As a result, data management puts less strain on business teams, so that employees can spend more time on the data themselves instead of controlling it.
If employees are not encouraged to use new data sharing platforms, a data governance policy can break over time. Ajay Bhatia, General Manager of the Digital Compliance Department at Veritas Technologies, therefore recommends that all employees be regularly trained on data governance tools and guidelines. “Information is often shared through unauthorized apps because employees don’t know the tools available or the consequences for the company that come from it,” he says.
Bhatia recommends listening to colleagues before committing to a specific set of collaboration and messaging tools. Existing tools may meet the requirements of the company, but this does not have to apply to the needs of the workforce.
In order for data to be secure within the framework of the Data governance Directive, it should be discussed with all users which messaging and collaboration tools they would like to use. If a list of prohibited services and devices is compiled, it should be discussed.
If a data governance strategy is being developed, a specific project manager should be responsible for it. This senior IT team member sits at the same table with his business colleagues to develop a solid and detailed policy that meets all the goals set. “The executive must help set up and enforce rules to keep the company’s data clean,” says Heidi Csencsits, a consultant at the Parker Avery Group. The head of data governance should also be responsible for convening IT and management colleagues to regularly revise and update the governance document.
Without a well-thought-out governance strategy, corporate data will remain unused in silos and wild growth will reign. Then each business unit or department implements its own transaction system with individual data meanings and rules. “When these different systems collect data over time, there can be subtle discrepancies,” explains Rob Gentry, also a consultant at Parker Avery. This makes it difficult to extract a recognized “truth” from the information, since each system reports different results. “These inconsistencies can be avoided with a solid enterprise data governance program that includes data definitions and formats that are used throughout the enterprise,” summarizes Gentry.
This article is based on an article from our US sister publication CIO.com .