Data governance supports data protection – in particular, the GDPR
Just a few years ago, the discipline of data protection was mainly about securing who had access to your data and ensuring the data did not fall into the wrong hands. Data governance, on the other hand, was mainly about managing your data and improving your data quality. Despite what many people think, data governance and data protection have never been the same thing, and the line between the two disciplines used to be very clear. But now we have a relationship between data governance and data protection where they work together and complement each other. What happened?
The General Data Protection Regulation (GDPR) happened. The European Union personal data regulation has raised the data protection bar and require businesses to better manage, store and document any personal data they may hold on European citizens. The GDPR requirements are creating the overlap between the two disciplines.
In order to understand how, we need to start with defining what data governance is. Expert in data governance, Nicola Askham, defines it as:
“Proactively managing your data to support your business achieving its strategy and vision.”
Data governance is achieved by implementing a data governance framework that consists of policies and processes as well as roles and responsibilities. How does that work together with data protection? Well, let’s apply it to some of the data protection requirements listed in the GDPR, such as…
According to the GDPR, companies who manage personal data on a larger scale are obligated to have someone accountable, a data protection officer (DPO), whose main task is to make sure the GDPR is met and that individuals have a point of contact if they have questions or concerns about their personal data. In a data governance setup, on the other hand, you’ll have multiple data owners and data stewards, who are all responsible for utilizing an organization’s data governance. Obviously, you’ll have the greatest business impact if you enable all of these employees to work side by side, complimenting and supporting each other, instead of laying the full data responsibility on one person, the DPO.
According to the GDPR, businesses need to be able to identify where they store personal data. In GDPR and data protection jargon, optimally you have a comprehensive data map or data inventory overview. But, if you already had robust data governance in place prior to the GDPR, you already had a data glossary that tells you what data belongs to which systems, and data lineage diagrams that show you how data is flowing through the organization.
According to the GDPR, personal data shall be accurate and, where necessary, kept up to date, which raises the demand for a certain level of organizational data quality. After all, how will you protect the data if you cannot even guarantee its quality? If you want to improve the quality of your data, having a data quality issue management process and data quality reporting—all basic parts of a solid data governance initiative—should hopefully help resolve it.
A long-lasting data governance approach goes beyond data protection
As you see, data governance supports data protection, and in particular the GDPR, in numerous ways. Having solid data governance framework will help your organization to continue meeting GDPR requirements in a sustainable manner. So, if you do not already have the level of data governance you could wish for, or if your data governance efforts do not encompass all your personal data, there’s no better time than now to give it a boost.
GDPR is not going to go away. Now, organizations need to go from project mode into business as usual with the GDPR, and that’s where long-lasting data governance efforts pay off. Furthermore, data governance does not only support data protection, but is the key driver for many positive business outcomes, such as efficiency, accurate reporting, compliance support, reputation and customer experience improvements.
Learn more about how to develop data governance policies and processes: