erwin Expert Blog

The Secret to Data Governance Success

Data governance (DG) 1.0 has struggled to get off the ground, but now DG is required for General Data Protection Regulation (GDPR) compliance, so businesses need a new approach to achieve data governance success.

When properly implemented, data governance is an empowering tool for businesses. But for many organizations just getting started with DG, implementation will be reactionary because of its mandatory status under (GDPR).

As such, businesses might be tempted into doing the bare minimum to meet compliance standards. But done right, data governance is a key enabler for any data-driven business.

The data governance success story

The first step in achieving data governance success is to define what it should look like. With clear goals, businesses can take the collaborative approach data governance requires – with the whole company pulling in the same direction – for proper implementation.

Data governance success typically manifests itself as:

  • Defined data: Consistency in how a business defines data means it can be understood across divisions, enabling greater potential for collaboration.
  • Guaranteed quality: Trusted data eases the decision-making process, allowing a business to make both faster and more assured decisions that lead to fewer false starts.
  • Compliance and security: With data governance, neither are sacrificed even as the volume of data and the accessibility of such data expands when silos are broken down. Of course, this is a key component of any business putting data at the heart of their operations.

With this in mind, your next steps should be to introduce Data Governance 2.0 by addressing the baggage of its predecessor, and learning from it. Two key lessons to take away: 1) treat data like physical assets and 2) treat data governance itself as a strategic initiative.

Treat data like physical assets

This year data went mainstream. In the two years prior, more data was created than in the whole of human history. With more and more businesses acknowledging the value of data insights, analysts correctly predicted that data would be considered “more valuable than oil” in 2017.

Businesses that have already experienced data-driven success recognized data’s potential value early on. Yet for the most part, data typically has been considered separate from physical assets. It has, therefore, been given subdued levels of vigilance compared to physical assets that are often tracked, maintained and updated to maintain peak operational performance.

Take the belt on a production line, for example. Lack of maintenance leads to faults, production delays, increased time to market and ultimately stifled profits and overall performance. Continuous neglect results in more costly repairs not to mention the costs related to down-time. The same is true for data.

If your data isn’t governed with due care, silos and bottlenecks easily develop, shutting off access to employees who need it and slowing down everything from data discovery to analytics.

Persistent neglect means your business will not understand where your most sensitive data is stored, making it more susceptible to breaches. As Equifax and Uber have demonstrated recently, such data breaches are costly enough without the fines that soon will be levied because of  GDPR.

Considering recent revelations surrounding the value of data, plus the imminent regulatory changes, it’s time businesses begin treating data with as much respect and care as their physical assets.

Treat data governance as a strategic initiative

The problem with historical data governance implementation is that it was seen exclusively as an IT-driven project. Therefore, governance was shoehorned through a collection of siloed tools with no input from the wider organization. More specifically, from line managers and C-Level executives to whom governed data is arguably most valuable.

In recent years, the problems with this approach have become further exacerbated by:

  • A demand for big data and analytics-driven growth
  • A need for digital trust in business dealings between organizations or between businesses and consumers
  • Upcoming personal data removal mandates with stronger individual privacy protections

In the current business climate, more than 35 percent of companies use information to identify new business opportunities and predict future trends and behavior. An additional 50 percent agree that information is highly valued for decision-making, and should be treated as an asset (

Clearly, it’s paramount that organizations view their data as a valuable asset, and the governing of their data as a strategic initiative in and of itself.

For more best practices in achieving data governance success, click here.

Data governance is everyone's business

erwin Expert Blog

Data Governance and Risk Management

Risk management is crucial for any data-driven business. Former FBI Director Robert Mueller famously said, “There are only two types of companies: those that have been hacked and those that will be.” This statement struck a chord when first spoken in 2012, and the strings are still ringing.

As data continues to be more deeply intertwined in our day-to-day lives, the associated risks are growing in number and severity. So, there’s increasing scrutiny on organizations’ data governance practices – and for good reason.

Governmental scrutiny, in particular, is gearing up. The General Data Protection Regulation (GDPR) introduces strict formality in the way data is governed across the European Union, including organizations outside the EU that wish to do business with its member nations.

But in certain sectors, public scrutiny is just as – if not more – important to consider. We’ve been talking since September about the data breach at Equifax, which has just been hit with a 50-state, class-action lawsuit.

And we just learned that Uber was hacked, resulting in the personal data of 57 million customers and Uber drivers being stolen. What’s more, the company concealed the breach for more than a year.

Whether we’re talking about financial or reputational damage, it’s absolutely clear that bad data governance is bad business.

Risk Management Data Governance

Risk Management for IoT

Think about the Internet of Things (IoT) for a moment …

IoT devices are gaining more stock in daily life – from the mundane of smart refrigerators and thermostats to the formidable of medical devices. Despite the degree of severity here, personal data is personal data, and the steps taken to mitigate security risks must be evidenced to be compliant.

Data governance is fundamental to risk mitigation and management. That’s because data governance is largely concerned with understanding two key things: where your data is kept and what it’s used for. Considering the scope of IoT data, this is no easy feat.

Estimates indicate that by 2020, 50 billion connected devices will be in circulation. Misunderstanding where and what this data is could leave the records of millions exposed.

On top of the already pressing need for effective data governance for risk management, we’re constantly approaching uncharted territories in data applications.

Lessons from Driverless Cars

The driverless car industry is one such example on the not-too-distant horizon.

Businesses from BMW to Google are scrambling to win the driverless car race, but fears that driverless cars could be hacked are well founded. Earlier this year, a Deloitte Insights report considered the likely risks of introducing autonomous vehicles onto public roads.

It reads, “The very innovations that aim to enhance the way we move from place to place entail first-order cybersecurity challenges.” It also indicates that organizations need to make radical changes in how they view cybersecurity to ensure connected vehicles are secure, vigilant and resilient:

  • Secure – Work on risk management by prioritizing sensitive assets to balance security and productivity.
  • Vigilant – Integrate threat data, IT data and business data to be equipped with context-rich alerts to prioritize incident handling and streamline incident investigation.
  • Resilient – Rapidly adapt and respond to internal or external changes to continue operations with limited business impacts.

The first thing organizations should take away is that this advice applies to the handling of all sensitive data; it’s by no means exclusive to autonomous vehicles. And second, security, vigilance and resilience all are enabled by data governance.

Data Governance Leads the Way

As discussed, data governance is about knowing where your data is and what it’s used for.  This understanding indicates where security resources should be spent to help mitigate data breaches.

Data governance also makes threat data, IT data and business data more readily discoverable, understandable and applicable, meaning any decisions you make regarding security investments are well informed.

In terms of resilience and the ability to rapidly respond, businesses must be agile and collaborative, points of contention in traditional data governance. However, Data Governance 2.0 as defined by Forrester addresses agility in terms of “just enough controls for managing risk, which enables broader and more insightful use of data required by the evolving needs of an expanding business ecosystem.”

As GDPR looms ever near, an understanding of data governance best practices will be indispensable. To get the best of them, click here.

Data governance is everyone's business