data governance

(source – Shutterstock)

Is effective data governance a possibility for organizations today?

Data Governance is all about governing data in enterprise systems that are based on internal data standards and policies of data usage. All companies need to comply with data governance, but the problem today is there is just too much data to manage.

Effective data governance normally ensures data is not misused. As such, regulators continue to keep an eye on how organizations manage and store their data, especially with cybercriminals continuing to target company data.

Today, data governance policies cover a wide scope of areas. Companies are ensuring they have sufficient standards and plans to meet local compliance and regulatory requirements as well. This includes having a data governance framework to implement procedures that are carried out by the data stewards.

To understand more about data governance, especially in safeguarding it, David Corrigan, General Manager of Data Governance for Quality and Privacy at Informatica shares his views with Tech Wire Asia.

Should the APAC region work together on a comprehensive data governance policy such as the GDPR?

David Corrigan, General Manager of Data Governance for Quality and Privacy at Informatica

The proliferation of data today only means cross-border data flows are more crucial than ever – especially for companies looking to fully harness the power and efficiency of cloud solutions. While businesses make sure their data is well integrated with cloud solutions, data protection and privacy can never be overlooked. GDPR holds businesses to a high standard of security and transparency in handling personal data, maintaining the integrity and confidentiality of the data collected while securing it from threats. This is especially crucial in Asia with it being one of the most advanced digital societies in the world.

With APAC poised for large-scale innovation in 2022, data governance policies and compliance will be critical, especially when you’re tasked to safeguard the data of over one billion people that have access to digital services. Organizations will inevitably be obliged to comply and ensure precautions are taken, with standardized data governance and privacy policy in place.

We have been seeing countries across the APAC region coming together to discuss and agree on digital commitments, and one example is the ASEAN Digital Economic Framework Agreement (DEFA). The agreement aims to standardize digital trade rules and functions such as cross-border data flows, which will allow businesses to drive more efficient, regulated, and safer data flows. More still needs to be done in terms of regulatory rules on data governance and privacy, and this is the chance for nations in this region to get it right to ensure the sustainability of their businesses and capture opportunities and growth.

How can businesses be more empowered or incentivized to be more proactive in safeguarding customer data privacy and protection? 

Brand trust goes a long way. 86% of customers expect brands to act beyond their business, and will not advocate for the brand once trust is lost. 80% of APEJ organizations also have plans to increase investments in security compliance automation by 15% by 2023 – to prove to customers that they are taking extra steps to safeguard their data.

Businesses should also be more proactive by enforcing a data governance framework – creating a strict set of rules and processes for collecting, storing, and using data. The framework ensures that policies and rules apply to all data across the organization, streamlining and scaling core governance processes while maintaining compliance, no matter how rapidly data volumes grow.

Trying to drive modern data governance without the right policies, frameworks, and technology in place is risky business. Modern, technology-driven data governance protects and mitigates the risks of personal and sensitive data through the enablement of key compliance actions such as:

  • defining regulated data,
  • determining how, why, and where your company uses regulated data,
  • managing consent and rights for the use, as well as
  • evaluate risk exposure on an ongoing basis so you can protect and purge data accordingly

With a holistic data governance framework, businesses will ensure they comply with regulatory mandates like GDPR, protecting and mitigating the risks of mishandling sensitive data. Having a data governance program also prevents any cracks from forming in our data privacy practices, and trust can then be built and maintained between the organization and customers.

To this, organizations should be one step ahead – ensuring that personal and sensitive data is fully safeguarded – with a comprehensive governance framework covering data cataloging, identity mapping, risk analysis, and protection.

What is the overall business value of data governance and privacy, and how to map it back to value streams?

Good data governance ensures data is always readily available, of high quality, safe, and relevant to the organization – enabling the creation of value, while ensuring data is protected. CDOs today are tasked with driving business value by providing quick and easy access to high-quality data to accelerate decision-making.

A data governance framework enables the business to define and document standards, accountability, and ownership. With a unified view of data created across the enterprise, data relationships and lineage, classification, and collaboration naturally follow suit. This helps businesses create a solid and secure data marketplace where people across the organization have confidence that the data shared is fit for use. To map it back to value streams, organizations need to stock the shelves of their data marketplace with data that would help support both the business and stakeholders’ objectives. Based on that knowledge, your data marketplace would then possess useful information, accelerating time to value, allowing informed decisions to be made.

Data itself is a currency of today’s digital world. If you manage and govern it in the right way, you are protecting an incredibly valuable asset that will increase its value if the right moves are made.

How can companies develop impact assessments for data collection, use, disclosure, and processing, while supporting privacy and compliance efforts

The key to ensuring impact assessments are accurate while supporting privacy and compliance efforts is to ensure there’s an ongoing review of the four critical data management activities:

  • Data collection
  • Retention and archiving
  • Data use
  • Creating and updating disclosure policies and practices

Companies with a strong, scalable data governance program will have an advantage when developing impact assessments, as they will be equipped to accurately assess data-related risks and benefits in less time, and take more decisive action based on trusted data. Taking a step back, organizations must define and manage data governance policies to clarify what data is critical and why, who owns the critical data, and how it can be used responsibly.

Organizations will then be able to identify and understand sensitive data across all data platforms and use that information to develop and implement data protection and remediation plans and policies. Data can then be managed with fast and efficient data protection capabilities at scale, including dynamic masking, encryption, and persistent masking for data.

Overall, the ongoing monitoring of data collection, use, disclosure, and processing will be critical in tracking success and impact, whilst protecting sensitive information, supporting privacy and compliance efforts.