Data Governance: getting a grip on data access

Data Governance is the key element getting control over your data.

The constantly changing statutory and regulatory requirements as well as new digital business demands (e.g. arising from the support of AI) create massive challenges for companies. Having clean data, knowing its content and classification, correctly aggregating it across different levels and having a clear view who is accessing the data set and for what purpose is proving difficult, due to the volume, various data sources, unclear or non-existent responsibilities and decentralized company structures.

What is the purpose of Data Governance?

Data Governance layers a management structure on top of data to assure data is identified, registered, categorized and continuously managed. Its function is to be the decision-making instance on data ownership, data maintenance throughout the data’s entire life cycle, data quality and data compliance. It also specifies and controls the rules concerning the usage, access, aggregation and flow of data.

Data Governance thus serves several purposes:

  • Building a cross-entity data governance organization with clear roles and responsibilities (e.g. data owner), including external stakeholders (e.g. suppliers)
  • Implementing this data governance, including awareness training and education of staff and role owners
  • Identifying, classifying and registering data
  • Defining the relevant data quality levels for each data class (e.g. no outdated data)
  • Identifying the relevant compliance rules for a specific data set (e.g. retention times for financial records)
  • Implementing concrete measures to establish compliance with the applicable regulations for a specific set of data (e.g. automatic alert if data reaches its retention period and must be deleted)
  • Assuring appropriate data Access Rights Management (Identity and Access Management or IAM) by integrating data into the IAM environment
  • Creating efficient processes assuring that data management can be performed most efficiently and effectively

Having good Data Governance means being able to self-clean the company’s data over time. You start with the highest priority areas and then work your way up step by step until you have achieved adequate data quality.

Data Governance brings substantial benefits to your company in different areas:

  • Common business terminology helps users to quickly find relevant data for their purpose
  • Users know to what degree they can trust the data available
  • Access rights to data categories are connected to data criticality and compliance requirements
  • Manual management is substituted by automation (categorization, access, deletion, etc.)
  • Regulatory requirements are mapped to data categories, assuring data is treated accordingly
  • Interaction between data pools are made easier
  • Elimination of redundant, obsolete or trivial data simplifies the organization and infrastructure and eliminates unnecessary costs
  • Compliance regulations and new data analytics projects can be implemented faster and easier

But caution:

  1. It is impossible to reach perfection given the high number and complexity of the data!
  2. Data Governance usually requires many resources (both in staff and in finance) and existing organizational structures and competencies may have to be reorganized across the company
Thomas Bolliger

Partner, Information Management & Compliance

KPMG Switzerland

Why Data Governance should be an integral part of any digital business strategy

When running digital initiatives, Data Governance is an integral part of successful digital transformation strategies. Far from being a pure IT task, it is located at the interface of several areas and determines to what degree and at which speed the company can change itself. Moreover, it is not a single task or an individual project that is carried out once, but rather an ongoing company-wide change in organization and management.

How to start?

  1. Define your data governance organization
  2. Define roles and responsibilities and train staff
  3. Define and prioritize what you want to achieve
  4. Define and allocate sufficient resources
  5. Start small, act fast and immediately replicate what has proven to be successful