Implementing Data Governance
Table of Contents
Executive Summary 3
What is Data Governance? 4
Why Do We Need Data Governance? 4
Defensive Data Governance 5
Industry-Specific Compliance 5
Privacy Compliance 6
Data Security and Protection 6
Emerging Compliances and Data Methodologies 7
Offensive Data Governance 7
Trustworthy Data-Driven Decisions 7
Efficient Data Engineering 7
Data Adoption 8
Emerging Compliances and Data Methodologies 8
Who is Responsible for Data Governance? 9
How to Practice Data Governance 10
What is a Data Governance Framework? 12
The Progressive Data Governance Framework 13
Next Steps 15
Assess your Data Governance Maturity 15
Implement Data Governance by Use Case 15
Lay Out your Data Governance Roadmap 16
In Conclusion 16
www.ovaledge.com 2
�Implementing Data Governance
Implementing Data Governance: A
Practical Guide
Executive Summary
Digital transformations are sweeping the business world at every level. From global
enterprises trading legacy systems for multi-cloud architecture to local car dealerships
swapping cable commercials and inflatable air dancers for CRM systems, technology
is advancing the fortunes and reach of companies across the board.
Today, the most influential technologies in the enterprise toolkit include AI, automation,
cloud applications, infrastructure, cybersecurity defenses, and analytics. Together,
these critical mechanisms empower companies to thrive in the most competitive
business landscape in history and meet the expectations of an increasingly discerning
customer base.
While these technologies may appear on the surface to be very different, serving
unique purposes, there's one thing that unites them all: data. You already know data is
the new oil, but did you know just how integral it was to your entire technology
ecosystem? Every digital touchpoint generates data, and it's this data that is fuelling
the applications and approaches that drive digital transformation.
However, for data to work for an organization, it has to be clean, it has to be available,
and it has to be managed, and with the increase of data sprawl, it needs to be secure.
In other words, it needs to be governed.
Think of data governance as Michael Caine. He only ever won an Academy Award for
Best Supporting Actor, but he's always the star of the show.
In this guide, we'll explain what data governance is, why you need it, and how to
implement it at a pace that matches, not exceeds, your digital transformation strategy.
www.ovaledge.com 3
�Implementing Data Governance
What is Data Governance?
Data governance is organizing, securing, managing, and presenting data using
methods and technologies that ensure it remains correct, consistent, and
accessible to verified users.
Let's break that down. Data governance is:
Organizing — identifying all your data sources and getting all your data in one place.
Securing — making sure all your data is compliant with data privacy regulations and
internal company policies.
Managing and presenting data — after you've nailed down your organization's data,
you need to decide how you present this data to your team.
Using methods and technologies — like modern data governance platforms.
That ensures it remains correct, consistent, and accessible to verified users —
the people in your organization have the permission to access it, in short.
In practice, data governance boils down to two key actions: drafting and
implementing policies. Organizations must write policies that involve all the key
stakeholders, address specific pain points, and, crucially, are implementable within the
confines of the available technologies.
Example: The marketing department of a clothing company needs to secure the PII
data it uses to contact customers. However, they need a mechanism in place that
enables managed access. Currently, they have two options, leave it open to all users or
confine it to individual team members. They must write a policy governing access
requests and implementing data masking.
Why Do We Need Data Governance?
While data powers your company's most critical applications and practices, this is just
one strand of a web of drivers that makes data governance a vital business process.
You can break these down into two approaches, defensive and offensive.
www.ovaledge.com 4
�Implementing Data Governance
Defensive Data Governance
Defensive Data Governance is about protecting data and falls under the following
categories:
Industry-Specific Compliance
Data governance can help companies comply with various industry-specific regulations
such as the Health Insurance Portability and Accountability Act (HIPAA), the Basel
www.ovaledge.com 5
�Implementing Data Governance
Committee on Banking Supervision's standard number 239 (BCBS 239), and the Family
Educational Rights and Privacy Act (FERPA).
Example: A small Colorado bank must report its financial statements to a regulator. In
the aftermath of the 2008 financial crash, regulators require far more stringent proof
that the information provided is accurate. So, along with the figures, the bank needs to
provide evidence of the data's lineage, consistent definitions, and more.
Privacy Compliance
Companies that deal with consumer data must adhere to the various data privacy
regulations that protect that information. The most famous is the European Union's
General Data Protection Regulation (GDPR), which sent shockwaves and shivers
through thousands of organizations dealing with data from EU citizens when it was
launched in 2017.
Yet, the GDPR is just one of many international privacy regulations. Others include the
California Consumer Privacy Act (CCPA) and the UAE's Personal Data Protection Law,
but regulators worldwide are constantly developing new regulations, and the list is
growing.
Example: In 2022, Meta was fined €405 million by the Irish Data Protection
Commission for violating the GDPR. Meta-owned Instagram failed to protect the
privacy of minors using the app by publishing email addresses and phone numbers.
Data Security and Protection
Ultimately, organizations that collect PII or other confidential data are required to
adhere to various industry regulations and must have policies that define how data is
collected, who can access it, how they can access it, and more.
Data must be stored safely and, crucially, masked so users without authorized access
can't see what it contains.
Example: A US furniture retailer spends approximately 12% of its operating budget on
cybersecurity. However, the company still faces fines for violating the terms of the
CCPA because customer data was leaked in a credential-stuffing attack. Data was
stored on-premise, and the files weren't encrypted, so attackers could access them
using stolen credentials.
www.ovaledge.com 6
�Implementing Data Governance
Emerging Compliances and Data Methodologies
While many compliance regulations exist, the transformative nature of data-driven
industries dictates that new compliance regulations combat new threats, like advanced
ransomware, and support new data methodologies. We'll get to those later.
Example: In 2021, the Social Media Privacy Protection and Consumer Rights Act of
2021 was introduced in the US, requiring social media platform operators to provide
users with information about data collection and usage before creating an account.
Offensive Data Governance
Offensive Data Governance is about extracting the maximum value from your
company's data assets. It looks at the positive outcomes from a defensive stance and
deploys them offensively to increase a business's success. You can split this offensive
approach into the following areas:
Trustworthy Data-Driven Decisions
When data is of high quality, standardized, and certified, it can be used to make better
business decisions. The same governance process that ensures data is secure and
well-organized for compliance reasons makes it available for business teams too.
Example: A coffee shop uses a data governance process to optimize its ordering
system. With stringent data management facilities, the shop can easily match the
amount of the most popular coffee and fresh ingredients it needs to order with
customer demand. Previously, the company was experiencing a high level of waste due
to overordering.
Efficient Data Engineering
A positive side effect of data governance is increased efficiency, and data engineers
can monitor data quality to create better models. Data governance processes also
enable more detailed impact analysis so engineers can track the success and failures
of data processes.
Example: An advertising company wants to increase its capacity for data visualization
to provide a client-facing dashboard so customers can monitor campaigns
independently. With an efficient data quality improvement procedure, the company's
www.ovaledge.com 7
�Implementing Data Governance
data engineers can quickly develop the model and ensure it's updated in real-time with
high-quality data.
Data Adoption
Data governance makes data more accessible to more users. It enables organizations
to put measures in place that support self-service, increase adoption of data analysis,
create a culture of data-driven innovation, and alleviate pressure from the IT
department.
Many technologies, particularly AI-powered applications, empower companies to
streamline business processes and digitize their organizations. However, as we
mentioned at the start of this guide, all these technologies require governed data and
techniques that make it easy for regular business users to operate them.
Example: A paper manufacturing company leverages AI to optimize its supply chain,
bolster marketing efforts, and improve other internal processes. However, the team
members creating the AI model are data scientists with little to no business knowledge.
On the other hand, business users need help accessing the data they need to operate
the models or even understand the information required to build them. They need to
speak the same language, communicate, and collaborate.
Emerging Compliances and Data Methodologies
New data methodologies like data ops, data mesh, and data fabric are revolutionizing
the data industry. However, you can't begin to operationalize these techniques without
getting the basics right. All of the central data processes required to maximize these
methodologies come when you start to govern your data smartly.
Example: A timber company that has been in operation for over a century has, in the
past decade, expanded its operation into manufacturing timber products for custom
eco homes. The shift from regular lengths to bespoke designs and a far wider client
base has resulted in an exponential increase in company data. The company wants to
start working with a data mesh strategy to support these innovations, but the company
culture is stagnant. Data literacy is low, and the majority of users in the company need
to be equipped with the tools to find and process the data they need to operate the
systems required.
www.ovaledge.com 8
�Implementing Data Governance
Who is Responsible for Data
Governance?
Most organizations realize the importance of data governance. Organizations have
people from business, data engineering, and compliance, who all understand the
benefits of a data governance strategy.
When consensus is reached, companies usually hire a consultant or assign a
person/team to implement data governance. Sometimes this team is carved out from
the business side, sometimes from the data engineering side, but rarely from the
compliance department, although the requirements are there.
OvalEdge CEO, Sharad Varshney recently surveyed data governance champions. He
asked, “Who is responsible for spearheading your Data Governance Program?”
CDO (Chief Data Officer): A CDO leads all data operations in an organization. They
are responsible for data management, governance, and analytics processes and
oversee technology and process implementation.
www.ovaledge.com 9
�Implementing Data Governance
Data Governance Manager: A Data Governance Manager is responsible for enforcing
data governance practices in an organization and ensuring that the various
stakeholders are aligned.
Data Steering Committee: A Data Steering Committee includes representatives from
every department in an organization. The Committee meets to discuss pain points and
requirements, and they recommend data governance policies for implementation.
Data Owner: A Data Owner protects and manages specific data assets primarily by
overseeing and granting, or dismissing, data access and edit requests. They work
closely with Data Stewards and Data Custodians.
Data Steward: A Data Steward's primary role is maintaining data quality and security.
To achieve this, they will draft policies that define the actions required to achieve these
goals.
Data Custodian: While a Data Steward is responsible for the business implementation
of data governance policies, a Data Custodian is responsible for the technical
requirements needed to support data initiatives.
How to Practice Data Governance
As we learned, data governance is about drafting and implementing policies to
organize, secure and manage data, but it can sometimes be complicated. If you get it
right, your organization can thrive with improved efficiency and better methods to sell
your product or services.
The trouble is, if you draft policies that are difficult to implement, you jeopardize their
success and the success of your organization. So, let's understand the different kinds
of policies we need to draft/adapt to implement them. These policies must comply with
the laws governing where the business operates, cover internal business needs, and
encourage data adoption.
Data quality policy: A data quality policy must specify standards for precision, totality,
consistency, and timeliness. It should explain how data is exchanged, validated, and
processed, and how data quality metrics are reported.
Data classification policy: These guidelines enable users to categorize data based on
various factors, including sensitivity, confidentiality, and business value. The policy
determines the levels of security, access, and handling procedures for diverse data
assets.
www.ovaledge.com 10
�Implementing Data Governance
Data ownership policy: A data ownership policy assigns responsibility for data assets
to corresponding Data Owners and Stewards. These guardians are liable for the
accuracy, completeness, and appropriate use of data in line with verified guidelines.
Data lineage policy: A data lineage policy is the procedure for tracking data flow from
source to destination. With data lineage in place, organizations can quickly understand
data transformation and usage across an organization and benefit from a critical
methodology for data quality maintenance and compliance.
Data privacy and protection policy: Data collection, usage, storage, and sharing are
governed collectively by a data privacy and protection policy. It usually includes
measures to comply with applicable data protection regulations, like the GDPR or
CCPA.
Data retention and disposal policy: Companies deploy a data retention and disposal
policy to specify the rules for data retention periods and data disposal procedures. It
considers legal, operational, and risk management requirements.
Data access and security policy: A data access and security policy determines the
processes and rules for data access management. Considerations include
authentication, permission, encryption, and monitoring to protect data from
unauthorized access and security breaches.
Data sharing and integration policy: A data sharing and integration policy covers
both internal and external data assets. It manages data integration and oversees data's
consistent and accurate incorporation and transformation across dispersed sources.
Data backup and recovery policy: These guidelines outline procedures for developing
and maintaining critical data backups and strategies for data recovery.
Data compliance policy: A data compliance policy enables an organization to
undertake data management practices per applicable laws, regulations, and standards.
The policy includes procedures for periodic audits, risk assessments, and ongoing data
governance improvement.
www.ovaledge.com 11
�Implementing Data Governance
As we know, these policies can be complex, so both academics and various startups
are working on simplifying them. While academia is more focused on drafting policies
than implementing them, tech startups tend to focus on a single strand, like access
level control or lineage.
At OvalEdge, we take a holistic approach to data governance. Learn more about
drafting policies in the OvalEdge Academy, and OvalEdge has next-generation data
governance tools to help you implement them.
What is a Data Governance Framework?
If you can organize your data correctly, all your policies can be drafted and
implemented. For example, if privacy data is easy to find, you can prepare a policy that
addresses this privacy data. Administrators might block access to the entire database,
so the data is difficult to find.
A data governance framework is a way to structure data governance and begin
organizing your data. You can understand the various data governance frameworks as
you do the various methods of governing countries, such as democracy, autocracy, or
communism. Frameworks for data governance teach you how you should approach
drafting policies.
The first consideration is data organization, which is a significant task. You need to
organize your data to enable as many people as possible to find it for their use cases.
For example, data analysts must find the correct data to build business analytics.
Business users need to find data to make data-driven business decisions. And your
compliance team must ensure the data going to regulators or stakeholders is accurate.
This is why there are various frameworks for data governance. Some of these are
described below. However, most frameworks were designed when AI was unavailable,
complete advanced tool sets were absent, and data was located in hundreds of
locations. Now data is at millions of places, so you need a methodology that uses
state-of-the-art tech and AI.
The DAMA framework: Traditional governance follows the DAMA framework. This
framework's requirements enable cross-company involvement with each stakeholder
working in specific areas. However, implementing data governance using this
framework is complex, costly, and bulky.
The Stanford Data Governance Maturity Model: The Stanford data governance
framework was developed by the university in 2011 and was adopted from other
www.ovaledge.com 12
�Implementing Data Governance
well-known maturity models. While the Stanford framework is extensive, it doesn't
support incremental implementation steps or correspond with the technological shift
since it was conceived.
The Stanford and DAMA frameworks are prescriptive and out of touch with the current
business landscape. That is why we developed the progressive data governance
framework for implementing policies.
The Progressive Data Governance Framework
OvalEdge’s progressive data governance framework is built for today's technological
timelines. It is based on an acute understanding of current and evolving technologies,
AI capabilities, technology limitations, and use cases.
Based on that, it supports the highest implementation parameters to achieve the
maximum output. Progressive implementation enables users to develop data
governance programs at their own pace based on the technologies available to them.
Let’s explore each section of the progressive framework.
1. Roles and responsibilities: Companies need to create an organizational
structure for implementing data governance. This organizational structure must
include part-time roles such as data stewards and custodians and full-time
www.ovaledge.com 13
�Implementing Data Governance
positions such as data governance managers and administrators to manage
governance tools. Crucially, this stage is about defining ownership of data so
you can build a system whereby everyone knows where to access data and who
is responsible for it.
2. Inventory of data sources: Before any other data governance activities,
organizations must catalog and classify their data. Cataloging involves collecting
all of the data in one place so it can be better understood. Classification consists
of defining the data and dividing it into functional categories so companies can
create various policies (confidential, location, privacy, etc.) based on it.
3. Build a steering committee: A data governance committee provides the
leadership and resources required to run your data governance programs. Data
governance committees must meet formally and regularly to decide policies.
4. Run critical programs: Once data is cataloged, classified, assigned ownership,
and under the guidance of a steering committee, organizations can use
OvalEdge to run three core programs focused on data quality, access, and
literacy. Each program has a simple objective:
- Data literacy is about building standards in data use and increasing
discoverability.
- Data quality is about improving the quality of data to make it trustworthy.
- Data access is about making secure data access an integral component
of an organization's data strategy and ensuring privacy compliance
through secure, managed access controls.
5. IT data management: Underpinning the critical programs that constitute the
OvalEdge progressive data governance framework is the data management
efforts of a company's IT team. They play a crucial role in the framework by
providing the encryption, auditing, security, and infrastructure management
required for successful implementation. Ultimately, IT supports the running of
the three core data governance programs in the progressive framework.
The below sections describe more activities that help organize and clarify a budding
data governance initiative. We have provided a brief description and links to their
respective blogs.
www.ovaledge.com 14
�Implementing Data Governance
Next Steps
Assess your Data Governance Maturity
A data governance maturity assessment provides you with a way to understand the
level of data maturity in your organization. Calculating data maturity is critical in
understanding where you are on your data governance journey and where you need to
be.
This knowledge enables you to track the progress of your roadmap, measure and
evaluate, and as you can see from the diagram below, determine which areas of data
governance you thrive in and which areas need work.
Follow our step-by-step guide to assessing your level of data maturity and download
our maturity model questionnaire to expedite the process.
Implement Data Governance by Use Case
One of the best ways to develop a solid data governance strategy is to implement
procedures based on individual use cases. This way, you can roll out data governance
incrementally, focussing on the most pressing pain points.
The top five data governance use cases include, collaborative analytics or building new
data products, data privacy compliance, data discovery and data literacy provisions,
www.ovaledge.com 15
�Implementing Data Governance
creating a centralized repository of all standardized business terms, and centralized
data access management.
Find out how implementing data governance by use case can quickly give you
quantifiable results that help you measure the impact of your governance strategy.
Lay Out your Data Governance Roadmap
Like a project plan for data governance success, a roadmap provides tangible goals for
an achievable data governance strategy. As you can see in the diagram below, there
are a wide variety of considerations you need to account for to ensure your roadmap is
achievable, in line with the requirements of key stakeholders, focused on critical data
governance outcomes, and communicable.
Learn how to develop and implement a successful data governance roadmap in your
organization. Download our free roadmap template to provide structure to your
strategy.
In Conclusion
Every data governance initiative is different depending on the needs of your specific
organization. Following the best practices within this guide will provide a strong
www.ovaledge.com 16
�Implementing Data Governance
foundation to begin building your initiative within your industry. You can determine who
to involve at what stage as you have already created a practical foundation and
understand the why, who, and how of successful data governance.
www.ovaledge.com 17
