How to Put Together a Data Governance Team
Many businesses are scrambling to either upgrade or design a data governance plan. A wave of new privacy law legislation, set off by the GDPR in Europe in May 2018, has brought data governance programs and their terminology into a fresh spotlight. The new California Consumer Privacy Act (CCPA) effective January 1st, 2020, has created an even more pressing sense of urgency.
Organizations currently exploring what type of data governance plan would be a good fit for their business structure are likely running into a dizzying array of terminology involving data chiefs, officers, councils, committees, data stewards, and data owners that leave them more confused when they began.
The truth is it really doesn’t matter whether you call your data governance plan a ‘program’ or ‘policy’ or your team a ‘committee’ or a ‘council.’ The data governance plan and data governance team right for your firm are highly dependent on your industry sector, size, and business culture. There is not one unique framework for all.
Learn more about our secure customer engagement solutions
Tailor your data governance team to your business framework
Data governance and data management have rapidly evolved from an IT-specific responsibility to an enterprise-wide necessity. Along with data evolution, roles and titles have changed as well — and they’re still evolving.
When pulling together a data governance team, it’s important to remember that all employees are data people and need to bear varying levels of responsibility for data governance. How you assign specific roles and titles should be in line with your company’s architecture rather than any convention.
What is a data governance team?
A data governance team is made up of people from throughout an organization who carry out responsibilities specific to their role within a data governance plan. A data governance plan prioritizes the data governance policies that dictate how users collect, process, disperse, integrate, store, use, and delete data in the business processes of that organization.
Your data governance team should understand why a data subject-centric focus is essential for your data governance plan to both stay ahead of data privacy regulation and respond organically to business growth.
Who is a data governance team?
The members of a data governance team span across all lines of business and should integrate effectively into your current business model. If possible, each role in your team should be an organic extension of each member’s current position within the business systems you have in place.
While you may find you lack the human resources to fill specific roles, you will only discover this by understanding the actual functions that need to be performed within your data governance plan first before assigning titles and positions. Let’s go over some of the core roles typically required in most data governance teams.
Does a data governance team need executive-level sponsorship?
Without C-level sponsorship, you may find it challenging to acquire the funding for the human resources and technology needed to get a data governance plan off the ground.
According to a 2018 Digital Analytics & Data Governance Report by Observepoint, companies with C-level support onboard their data governance or management program show 42% more confidence in data accuracy. The same report found the most significant challenge organizations face in developing a data governance team is a lack of human resources.
Effective and persistent data governance programs will also most likely need to research and invest in new technology and machine learning to automate systems. This will require a budget. Building a data governance program and a data governance team should start with educating your internal team on data privacy laws to harness executive level support.
A C-level sponsor will both create and sustain momentum for your data governance program. Whether your executive sponsor is the Chief Data Officer (CDO), Chief Technology (CFO), Chief Technology Officer (CTO), Chief Information Officer, or Chief Marketing Officer (CMO), what’s important is that they are vested in the value of data within your company in some way.
Beyond championing your governance plan and providing clarity and direction, the executive sponsor will kick off the birth of your data governance team by designating a Data Protection Officer.
What is a Data Protection Officer?
A data protection officer (DPO) is responsible for overseeing a company’s data governance plan at enterprise level to ensure ongoing compliance with data privacy laws. Also referred to as the Chief Data Steward, or sometimes a Data Project Manager, your DPO is the link between C-suite, IT, and the rest of the company — A key player in implementing and maintaining your data governance plan throughout day-to-day governance operations.
Your DPO should know their way around the broad data protection space, including the GDPR, CCPA, and any other upcoming data privacy legislation that you may subject to. The DPO could be in-house or outsourced through a service provider, part-time or full-time, and could even consist of a Data Protection Office that integrates data analysts and IT depending on the size of your company. For smaller firms, if your DPO performs other duties within the company, those duties shouldn’t create a conflict of interest.
The DPO will be responsible for staying abreast of changes in data privacy law and amend the data governance plan to ensure compliance. Along with conducting data governance team meetings with the Data Governance Council, the DPO will either hold or arrange for ongoing training for all employees.
Your DPO will also be the go-to for external data stakeholders:
- Third-party vendors that process data on behalf of your firm must be cleared for compliance with data privacy laws.
- Data privacy regulatory authorities will need a consistent point of contact in the event of a breach or complaint
- Data subjects (individuals whose data you collect, process, or store) must have an identifiable contact in regards to their data in the event of a deletion request or other data-related inquiries.
Once appointed, your DPO’s first priority, usually along with the C-level sponsor, is to designate roles for the Data Governance Council, which is the body that extends data governance throughout the enterprise to the business user level. The DPO will create ongoing data privacy awareness through policy creation, implementation, and education by collaboration with the Data Governance Council.
After a data governance plan is set in place and begins to mature, the DPO can focus on improvements to data processes and the deployment of new technologies and alternative business models. This might involve the creation and update of detailed guides on data protection policies as well as the continual monitoring and tracking of all data performance metrics and data protection impact assessments.
What is a Data Governance Council?
A Data Governance Council is made up of the people who are going to carry out the activities of your data governance strategy. They should be subject matter experts (SMEs) from each line of business (LOB) such as HR, IT, marketing, etc. But they should also individually recognize data as a critical business asset and be well acquainted with both the data and systems in your organization. The members of your Data Governance Council will be the liaisons between your Data Protection Officer and all business users — everyone exposed to data in your enterprise.
The right people should be able to collaborate with other SMEs from all other LOBs, along with IT and data analysts, to determine and prioritize how data governance will be integrated into day-to-day business processes among all business users.
The complexity and reach of your data council will depend on your business size, framework, industry, and level of data dependence and interaction. For example, a health insurance firm that handles sensitive personal data will most likely have a much more complex Data Governance Council than a construction supply wholesaler.
What does a Data Governance Council do?
A Data Governance Council integrates the development and implementation of data privacy policies, standards, and procedures by involving the end-users in the importance of data privacy through education and ongoing support.
Because council members come from all lines of business, they can represent the nuances of how data is used within their department. They’ll be able to deliver feedback from users to the council and DPO to create an ongoing dialogue that keeps data governance agile and in-line with evolving business interests.
Depending on your company, council members may be designated as data owners in their departments, or they may delegate ownership to someone within their department. Similarly, they might be assigned stewardship or delegate data stewardship within their department.
What is the difference between data owners and data stewards?
Because some companies use these titles synonymously, or other firms might use different titles for the same roles, defining the difference between data owners and data stewards can be confusing. Generally, the difference between data owners and data stewards is:
- Data stewards typically have programming and data modeling expertise, define policies to protect data, and oversee the lifecycle of a particular data set or data within a specific function. Data stewards are responsible for the integrity and analysis of data sets and report to data owners.
- Data owners own particular data sets and need to have the authority or resources to take action if there are data quality problems. They generally monitor data with data quality reports and sign off on any actions their data stewards may have to consider.
In the same sense that there is no single standard of data governance plan for all enterprises, there is nothing etched in stone that says data owners and data stewards have to be assigned those titles, or even that those roles cannot be combined in some way.
Tips for designing your data governance team structure
The team structure you design is going to need to extend from the executive level to the user level and cover any roles in between that deal with data. In business today, that means everybody.
While considering individual roles, you’re going to want to focus more on data governance as an integral part of an employee’s position rather than the external imposition of data rules and regulations. The ultimate goal is to inspire a data governance culture at the user level rather than solely relying on policy enforcement from the top down.
A successful data governance team should reinforce open communication lines in both directions for holistic development by keeping the DPO and executive levels apprised of business users’ data experience on the front lines. Clear communication is necessary for the agility required to adapt data policy in response to users’ experiences and changes in privacy law.
Tips for choosing your data governance team
C-level support, the DPO, IT, data analysts, and SMEs in your Data Governance Council are the engine of a data governance team. But the focus of ongoing data governance will always come back to the point of use.
Examine the architecture of your data flows from the first point of contact throughout the entire data lifecycle. Identify those areas where data gives the most value, and where data creates the most risk. Data stakeholders closest to data value and data risk areas may be prime candidates for primary roles at the onset.
Ultimately, the goal is to create roles that are easily transferable with any turnovers. However, when initially kicking off a team, you want people who are motivated and care about your initiative. It will be their job to get everyone else in their line of business to care, so they should be data experts, skilled educators, and respected leaders in their departments.