erwin Expert Blog

GDPR, Compliance Concerns Driving Data Governance Strategies

There are many factors driving data governance adoption, as revealed in erwin’s State of Data Governance Report. Over the coming weeks, we’ll be exploring them in detail, starting with regulatory compliance.

By Michael Pastore

Almost every organization views data governance as important, so why don’t they all have it in place?

Modern organizations run on data. Whether from sensors monitoring equipment on a factory floor or a customer’s purchasing history, data enters modern businesses from every angle, gets stored in any number of places, and is used by many different people and applications.

Data governance refers to the practices that help businesses understand where their data comes from, where it resides, how accurate it is, who or what can access it, and how it can be used. The idea of data governance is not new, but putting data governance into practice and reaping the benefits remains a struggle for many organizations.

According to our November 2017 survey with UBM, nearly all (98 percent) respondents said their organizations view data governance as either important or critically important from a business perspective. Despite this, 46 percent of respondents indicated their organizations recognize the value of data, but lack a formal governance strategy.

One of the significant obstacles to data governance for many organizations is the idea of ownership. In many businesses, it’s safe to say that the IT organization has ownership over the network, just as it’s easy to say that the business oversees payroll.

Data is a bit more complicated. The business side of the organization often analyzes the data, but it’s the IT organization that stores and protects it. This data division of labor often leaves data governance in a sort of no-man’s land, with each side expecting the other to pick up the torch.

The results of the erwin-UBM survey indicate that businesses are increasingly treating data governance as an enterprise-wide imperative. At 57 percent of respondents’ organizations, both IT and the business are responsible for data governance. Just 34 percent of the organizations put IT solely in charge.

Strong data governance initiatives will overcome the issue of ownership thanks in part to a new organizational structure that considers the importance of data. The emergence of the chief data officer (CDO) is one sign that businesses recognize the vital role of their data.

Many of the first generation of CDOs reported to the CIO. Now, you’re more likely to see the CDO at forward-thinking organizations sit on the business side, perhaps in the finance department, or even marketing, which is a huge consumer of data in many businesses. Under the CDO, it’s increasingly likely to find a data protection officer (DPO) tasked with overseeing how the business safeguards its information.

What's Driving Data Governance

Driving Data Governance: Compliance Is Leading Organizations to Data Governance

Now is a good time for businesses to re-think their data structure and governance initiatives. Data is central to organizations’ compliance, privacy and security initiatives because it has value — value to the business; value to the customer; and, like anything of value, value to criminals who want to get their hands on it.

The need to protect data and reduce risk is an important factor in driving data governance at many organizations. In fact, our survey found that regulatory compliance, cited by 60 percent of respondents, was the most popular factor driving data governance.

There’s an increased sense of urgency regarding data governance and compliance because of the European Union’s General Data Protection Regulation (GDPR), which goes into effect this month. According to our research, only 6 percent of respondents said their organization was “completely prepared” for the regulation.

Not only does the GDPR protect EU citizens at home, but it extends protections to EU citizens wherever they do business. It really goes much farther than any other legislation ever has.

The GDPR essentially gives rights to the people the data represents, so businesses must:

  • Minimize identifiability in data
  • Report data breaches within 72 hours
  • Give consumers the ability to dispute data and demand data portability
  • Understand the GDPR’s expanded definition of personally identifiable information (PII)
  • Extend to consumers the right to be “forgotten”

And much, much more.

The maximum fine for organizations in breach of the GDPR is up to 4 percent of annual global turnover or €20 million, whichever is greater. And because the GDPR will apply to anyone doing business with EU citizens, and the internet transcends international borders, it’s likely the GDPR will become the standard organizations around the world will need to rise to meet.

The GDPR is a hot topic right now, but it’s not the only data-security regulation organizations have to honor. In addition to Payment Card Industry (PCI) standards for payment processors, industry-specific regulations exist in such areas as financial services, healthcare and education.

This web of regulations brings us back to data governance. Simply put, it’s easier to protect data and mitigate a breach if your organization knows where the data comes from, where it is stored, and what it includes.

Businesses stand to gain a number of advantages by implementing strong data governance. Regulatory compliance is sure to get the attention of C-level executives, the legal team and the board, but it means very little to consumers – until there’s a breach.

With new breaches being reported on a seemingly daily basis, businesses that practice strong data governance can help build a competitive advantage by better protecting their data and gaining a reputation as an organization that can be trusted in a way that firms suffering from high-profile breaches cannot. In this way, data governance helps contribute directly to the bottom line.

Still, compliance is the No. 1 factor driving data governance initiatives for a reason.

Using data governance to drive upside growth is great, but not if you’re going to lose money in fines.

In our next post in this series, we’ll explore how your organization can use data governance to build trust with your customers.

 

Michael Pastore is the Director, Content Services at QuinStreet B2B Tech. This content originally appeared as a sponsored post on http://www.eweek.com/.

Learn more about how data governance can help with GDPR compliance by downloading the free white paper: GDPR and Your Business: A Call to Enhance Data Governance Expertise.



Overcoming Teething Problems in Enterprise Architecture

Historically, the teething problems in enterprise architecture have prevented it from realising its full potential. However, the uptick in data-driven business has made the practice essential, meaning organizations are looking for an enterprise architecture approach that works best for them.

Although it might not always be immediately obvious to the outsider, the value of Enterprise Architecture to EAs and even many CIOs is clear. The practice has long been one of the best drivers of business transformation and IT/business alignment.

Yet over the years, a number of studies indicate hurdles in the early stages of Enterprise Architecture maturity that can stop businesses progressing further with the scheme.

Take Gartner, for example. In a 2007 survey, the world-renowned tech analyst found that 40% of Enterprise Architecture initiatives would be stopped. A later survey (2015) indicates at least a degree of accuracy in the former, as it showed 70% of businesses were looking to either start or restart an Enterprise Architecture programme.

It seems as if, although businesses are aware of the advantages of an EA practice, actually introducing one can be difficult.

With that said, this blog covers things to consider when implementing an EA practice to avoid the historical problems in enterprise architecture initiatives and ensure its success going forward.

Problems in Enterprise Architecture: EA Needs Time

Businesses that adopt EA on a whim – in that they know they should be doing EA, but don’t fully understand why – will likely run into this issue.

We must understand that Enterprise Architecture is far from an overnight fix. In fact, it’s the polar opposite. Although EA might highlight areas where overnight and radical change could benefit a business, the initiative itself is a constant and gradual effort in working to align business and IT, aid in strategic planning, and improve processes.

As time goes on, the degree to which these efforts can positively affect the business will also increase, as the EA practice becomes more mature. The added capabilities of EA are indicated in Gartner’s maturity model shown below.

Teething Problems in Enterprise Architecture: EA Maturity Model

This is important for two reasons. Firstly, a maturing Enterprise Architecture practice implies business growth, and so more EA has to be done in order to cope, as there is more to manage.

Secondly, maturing in EA enables businesses to do a different kind of Enterprise Architecture. The typical, Foundational EA tasks – the ones we refer to as keeping the lights on – will still be carried out. However, a more mature Enterprise Architecture practice can start using EA more aggressively, actioning what is known as Vanguard Enterprise Architecture.

This kind of EA is more proactive, and its practitioners focus more on identifying opportunities and disruptions. This is the EA largely responsible for pushing business transformation and innovation, and so its efforts often yield more lucrative, tangible results.

Most practices that abandon EA do so without moving too far along the maturity model and so, in most cases, are only doing entry-level, Foundational Enterprise Architecture.

Problems in Enterprise Architecture: EA Needs Attention

Much of EA consists of strategic planning. Thanks to the practice’s macrocosmic (top-down) view of the organization, and business-wide responsibility, the planning carried out by EAs can affect the business as a whole. When dealing with change of this nature, what is implemented cannot be started and left to integrate on its own. This sort of radical change needs to be guided and supervised.

This is why, if a business is going to take on EA, it needs to think about the EA’s wider role in the organization: who they should report to, who should report to them, and so on.

Many people make the case that EAs should report directly to the CIO, and in fact, hold an advisory role to the CIO as well. Gartner analyst Brian Burke echoes this sentiment, stating: “We’ve witnessed a change in mind-set, execution and delivery of EA. The value of EA is not in simply ‘doing EA’, but rather in how it can help evolve the business and enable senior executives to respond to business threats and opportunities.”

Therefore, just implementing the scheme isn’t enough. It needs aftercare. This is why EAs should work closely with CIOs, and the benefits of this are two-fold. On one side, the CIO gains a valuable asset in having an adviser with perhaps the broadest top-down view of the organization and its structure in the business. On the other, the Enterprise Architect has a role more closely aligned with the top table, and can exercise more pull in decision making.

This relationship, and the extra attention to EA it provides, could be the difference between success in EA and an amassment of half-started projects and eventual lapse in investment.
