Intelligence and compliance ­depend on data governance

June 2018 Editor's Choice, Information Security, Security Services & Risk Management

Data governance is nothing new, it is simply the process of managing your data in a way that is convenient and accessible to you. Data governance is why a company sorts its documents alphabetically in a filing cabinet or buys a CRM (customer relationship management) system to manage its customer data.

Gartner defines data governance as: “The specification of decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organisation to achieve its goals.”

Today, data governance is also increasingly being forced on organisations and even individuals by legislation designed to ensure the safe and legal capture, storage and use of data. Unfortunately, the growth of data in all its forms caused data governance to become increasingly complex, to the point where it is a skill in itself.

Maureen Grosvenor.
Maureen Grosvenor.

APPSolve is a technology consultancy offering advisory and technology services to clients, including in the business intelligence (BI) space. APPSolve director, Maureen Grosvenor, says that over the years the company has been in operation, it has always included data governance in its services as it’s a necessity if you want to obtain good BI from your data.

Of late, however, Grosvenor says governance has become a service on its own because of the amount of data companies collect and the challenges in structuring it in a way that delivers value. Data governance is not simply a technical issue, but more of a business issue that requires planning and strategising to ensure your data is collected, stored, accessed, archived and deleted in a manner that supports the business and meets legal requirements.

It’s an asset

Data today is no longer seen as something you collect while doing business, but most companies recognise the ‘gold mine’ they have in their data and see it as an asset. How you handle this asset will impact on the performance of your company as it relates to running the business, and impacts customers, staff and suppliers. The old cliché of ‘garbage in, garbage out’ is more relevant than ever, and the consequences of ‘garbage data’ today translates directly to the bottom line.

APPSolve’s Tessa Lillie, who is currently doing a PhD in data governance, explains that there are different approaches to governance. In the financial market, for example, the primary goal may be regulatory compliance, which has been a growing challenge since 2008 when the Basel Accord regulations were updated (known as Basel III).

And while the Basel III stipulations go far beyond data governance, the risk management demands require effective management of financial companies’ data. And to repeat, while IT plays a large role in data governance, the technology must be led by business-risk considerations.

Lillie says data governance requires a strategy, approved by the highest ranks in the company, that determines how data is used in an integrated manner across the board in the organisation. In most companies this does not exist and each department will have its own silo of data that it collects and uses for its purposes. The starting point for data governance is therefore finding out what data you have, what format it is in, and then devising a strategy to integrate it and manage it effectively.

Getting it done

The process of implementing your data governance strategy is far from simple. As noted, each company has various silos of data, some structured and therefore easier to manage, and some unstructured. Unstructured data could be the data individuals store in spreadsheets on their computers, or it could be social media data collected to determine market trends, for example.

The initial discovery phase should be used to find all of it, decide what data is important to the business and then work out ways to ‘clean’ the data and integrate it into a better and more manageable solution. By cleaning data, we mean getting your data consistent. For example, ensuring that city and customer names are spelled correctly, that identity numbers all have 13 numbers that correspond to the official structure of these numbers and so on.

Grosvenor adds that you can’t do it all, meaning that unless you are a small company, you can’t incorporate all the data in a business in the governance project. You have to decide what is necessary and required and start with that. Perhaps one could start on financial systems and the related data and ensure it is all 100% before moving onto the next department?

This, according to Lillie, means it is vital that you understand the value and meaning of the data to your business. The data architecture designed should then marry the data’s value to the business requirements while also tying the technology used to the business value attainable from the information.

A key element of data governance is not simply to make the data look nice at one particular stage of the company’s existence, but to align business and IT to ensure that data collected in the future will be captured and treated according to the new rules – data governance is a huge project and you don’t want to have to start at the beginning every few years. This means aligning the strategic, tactical and operational levels of your data strategy and keeping them aligned.

As an example, she says that companies often have a well-managed database of information, but then someone would pull data from the database to populate a spreadsheet they are working on. Data would be changed or added, but not updated back to the main data store, leaving two sets of different data – starting the problem all over again.

Everybody needs a data governance strategy

While the financial industry has its own set of regulations it needs to comply to, the same can be said for every company in South Africa that collects information. The GDPR, for one, requires every company dealing with EU residents to have a handle on their data to ensure the personal data of residents is secured according to the legislation’s guidelines.

On the local front, the Protection of Personal Information Act (PoPIA) will also require similar data standards to be in place, and these rules apply to everyone in South Africa (as well as juristic persons) and failure to observe them can result in stiff fines or even incarceration.

Unfortunately, Grosvenor notes that PoPIA is going to be a data wake-up call for many South African businesses as they discover how out of control their data governance processes actually are. In fact, some companies may choose to pay the fines as they would be less than the cost of getting their data under control (did we mention that data governance is a huge task?).

On a journey

Grosvenor concludes that data governance is not a simple project, but a journey. The more data you have stored in different places and formats, the tougher the process will be. The key is to devise a strategy and get on with it. You may not get it all done at once, but you need to start and follow a strategic process to get it done over time, ensuring that the wins you have attained are maintained as you integrate new data and data sources.

For more information, contact APPSolve, +27 (0)12 743 5115, [email protected], www.appsolve.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Winners of the 2025 Southern Africa OSPAs
Editor's Choice
The winners of the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs) were revealed on Wednesday, 4th June, at Securex South Africa. Winners from all categories (except the Lifetime Achievement) will be featured in the second Global OSPAs set to take place in 2026.

Read more...
Deepfakes and digital trust
Editor's Choice
By securing the video right from the specific camera that captured it, there is no need to prove the chain of custody for the video, you can verify the authenticity at every step.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
From the editor's desk: Showtime for Securex
Technews Publishing News & Events
We have once again reached the time of year when the security industry focuses on Securex. This issue includes a short preview, with more coming online and via our special Securex Preview news briefs. ...

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.