Intelligence and compliance ­depend on data governance
June 2018, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management

Gartner defines data governance as: “The specification of decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organisation to achieve its goals.”

Today, data governance is also increasingly being forced on organisations and even individuals by legislation designed to ensure the safe and legal capture, storage and use of data. Unfortunately, the growth of data in all its forms caused data governance to become increasingly complex, to the point where it is a skill in itself.

Maureen Grosvenor.

APPSolve is a technology consultancy offering advisory and technology services to clients, including in the business intelligence (BI) space. APPSolve director, Maureen Grosvenor, says that over the years the company has been in operation, it has always included data governance in its services as it’s a necessity if you want to obtain good BI from your data.

Of late, however, Grosvenor says governance has become a service on its own because of the amount of data companies collect and the challenges in structuring it in a way that delivers value. Data governance is not simply a technical issue, but more of a business issue that requires planning and strategising to ensure your data is collected, stored, accessed, archived and deleted in a manner that supports the business and meets legal requirements.

It’s an asset

Data today is no longer seen as something you collect while doing business, but most companies recognise the ‘gold mine’ they have in their data and see it as an asset. How you handle this asset will impact on the performance of your company as it relates to running the business, and impacts customers, staff and suppliers. The old cliché of ‘garbage in, garbage out’ is more relevant than ever, and the consequences of ‘garbage data’ today translates directly to the bottom line.

APPSolve’s Tessa Lillie, who is currently doing a PhD in data governance, explains that there are different approaches to governance. In the financial market, for example, the primary goal may be regulatory compliance, which has been a growing challenge since 2008 when the Basel Accord regulations were updated (known as Basel III).

And while the Basel III stipulations go far beyond data governance, the risk management demands require effective management of financial companies’ data. And to repeat, while IT plays a large role in data governance, the technology must be led by business-risk considerations.

Lillie says data governance requires a strategy, approved by the highest ranks in the company, that determines how data is used in an integrated manner across the board in the organisation. In most companies this does not exist and each department will have its own silo of data that it collects and uses for its purposes. The starting point for data governance is therefore finding out what data you have, what format it is in, and then devising a strategy to integrate it and manage it effectively.

Getting it done

The process of implementing your data governance strategy is far from simple. As noted, each company has various silos of data, some structured and therefore easier to manage, and some unstructured. Unstructured data could be the data individuals store in spreadsheets on their computers, or it could be social media data collected to determine market trends, for example.

The initial discovery phase should be used to find all of it, decide what data is important to the business and then work out ways to ‘clean’ the data and integrate it into a better and more manageable solution. By cleaning data, we mean getting your data consistent. For example, ensuring that city and customer names are spelled correctly, that identity numbers all have 13 numbers that correspond to the official structure of these numbers and so on.

Grosvenor adds that you can’t do it all, meaning that unless you are a small company, you can’t incorporate all the data in a business in the governance project. You have to decide what is necessary and required and start with that. Perhaps one could start on financial systems and the related data and ensure it is all 100% before moving onto the next department?

This, according to Lillie, means it is vital that you understand the value and meaning of the data to your business. The data architecture designed should then marry the data’s value to the business requirements while also tying the technology used to the business value attainable from the information.

A key element of data governance is not simply to make the data look nice at one particular stage of the company’s existence, but to align business and IT to ensure that data collected in the future will be captured and treated according to the new rules – data governance is a huge project and you don’t want to have to start at the beginning every few years. This means aligning the strategic, tactical and operational levels of your data strategy and keeping them aligned.

As an example, she says that companies often have a well-managed database of information, but then someone would pull data from the database to populate a spreadsheet they are working on. Data would be changed or added, but not updated back to the main data store, leaving two sets of different data – starting the problem all over again.

Everybody needs a data governance strategy

While the financial industry has its own set of regulations it needs to comply to, the same can be said for every company in South Africa that collects information. The GDPR, for one, requires every company dealing with EU residents to have a handle on their data to ensure the personal data of residents is secured according to the legislation’s guidelines.

On the local front, the Protection of Personal Information Act (PoPIA) will also require similar data standards to be in place, and these rules apply to everyone in South Africa (as well as juristic persons) and failure to observe them can result in stiff fines or even incarceration.

Unfortunately, Grosvenor notes that PoPIA is going to be a data wake-up call for many South African businesses as they discover how out of control their data governance processes actually are. In fact, some companies may choose to pay the fines as they would be less than the cost of getting their data under control (did we mention that data governance is a huge task?).

On a journey

Grosvenor concludes that data governance is not a simple project, but a journey. The more data you have stored in different places and formats, the tougher the process will be. The key is to devise a strategy and get on with it. You may not get it all done at once, but you need to start and follow a strategic process to get it done over time, ensuring that the wins you have attained are maintained as you integrate new data and data sources.

For more information, contact APPSolve, +27 (0)12 743 5115, enquiries@appsolve.co.za, www.appsolve.co.za