Stibo Systems - The Master Data Management Company

Data Governance and Data Protection, a Match Made in Heaven?

June 29 2021

Data governance supports data protection – in particular, the General Data Protection Regulation (GDPR)

Just a few years ago, the discipline of data protection was mainly about securing who had access to your data and ensuring the data did not fall into the wrong hands. Data governance, on the other hand, was mainly about managing your data and improving your data quality. Despite what many people think, data governance and data protection have never been the same thing, and the line between the two disciplines used to be very clear. But now we have a relationship between data governance and data protection where they work together and complement each other. What happened?

Data governance supports data protection

The General Data Protection Regulation (GDPR) happened. The European Union personal data regulation has raised the data protection bar and requires businesses to better manage, store and document any personal data they may hold on European citizens. The GDPR requirements are creating the overlap between the two disciplines.

In order to understand how, we need to start with defining what data governance is. Expert in data governance, Nicola Askham, defines it as:

“Proactively managing your data to support your business achieving its strategy and vision.”





Data governance is achieved by implementing a data governance framework that consists of policies and processes as well as roles and responsibilities. How does that work together with data protection? Well, let’s apply it to some of the data protection requirements listed in the GDPR.


3 data protection requirements listed in the GDPR: 

1. Accountability

According to the GDPR, companies who manage personal data on a larger scale are obligated to have someone accountable, a data protection officer (DPO), whose main task is to make sure the GDPR is met and that individuals have a point of contact if they have questions or concerns about their personal data. In a data governance setup, on the other hand, you’ll have multiple data owners and data stewards, who are all responsible for utilizing an organization’s data governance. Obviously, you’ll have the greatest business impact if you enable all of these employees to work side by side, complementing and supporting each other, instead of laying the full data responsibility on one person, the DPO.

2. Location

According to the GDPR, businesses need to be able to identify where they store personal data. In GDPR and data protection jargon, optimally you have a comprehensive data map or data inventory overview. But, if you already had robust data governance in place prior to the GDPR, you already had a data glossary that tells you what data belongs to which systems, and data lineage diagrams that show you how data is flowing through the organization.

3. Accuracy

According to the GDPR, personal data shall be accurate and, where necessary, kept up to date, which raises the demand for a certain level of organizational data quality. After all, how will you protect the data if you cannot even guarantee its quality? If you want to improve the quality of your data, having a data quality issue management process and data quality reporting—all basic parts of a solid data governance initiative—should hopefully help resolve it.


A long-lasting data governance approach goes beyond data protection

As you see, data governance supports data protection, and in particular the GDPR, in numerous ways. Having a solid data governance framework will help your organization to continue meeting GDPR requirements in a sustainable manner. So, if you do not already have the level of data governance you could wish for, or if your data governance efforts do not encompass all your personal data, there’s no better time than now to give it a boost.

GDPR is not going to go away. Now, organizations need to go from project mode into business as usual with the GDPR, and that’s where long-lasting data governance efforts pay off. Furthermore, data governance does not only support data protection, but is the key driver for many positive business outcomes, such as efficiency, accurate reporting, compliance support, reputation and customer experience improvements.


Martin Samuel Nielsen is the Chief Information Security Officer (CISO) at Stibo Systems. Martin, who has worked with information security in some of Northern Europe’s biggest companies, including Vestas and Velux, has a great passion for making data protection and information security an integral part of the daily business processes. He holds several personal information security certifications, such as CISA, ESL, CISSP, CISM and CRISC. Martin is also the leading force behind Stibo Systems’ ISO/IEC 27001:2013 certification, the international standard outlining best practices for information security management.
