You’ve set the rules for the governance of the data your company collects.
That’s the first step, but for it to be effective, it needs to be enforced.
To do this, it’s important to think about the internal organization needed to manage data properly.
“Who does what and how” are the questions to ask.
Establish roles and responsibilities
The first step is to choose the person responsible for the company’s data.
This person will be responsible for establishing and ensuring compliance with the company’s governance rules.
To do this, he or she will need to address a number of issues:
- Who can create data?
- Who can modify data?
- Who can use the data?
- Where and how will the data be stored?
- How will data be protected from theft or loss?
It’s by answering these questions that best practices are put in place to govern the data in a company’s possession.
Of course, this person has a transversal role within the company, as the various measures established have repercussions on all departments.
Indeed, they will all need to be trained in data handling according to their authorizations.
They will also need to know who is using the data, and ensure that no one with access to it oversteps their rights by accessing information to which they are not authorized.
The person in charge of governance is therefore the one who holds the keys to the “kingdom of data”.
This notion of security is all the more important if the data held is subject to rules outside the company’s control, such as the General Data Protection Regulation (GDPR).
To achieve this, checks will need to be carried out regularly.
This is why the organization of data governance needs to be thought through and perfectly taught to all employees.
Data access
Not all data is equally useful.
Some can be used for marketing purposes (e-mail addresses, telephone numbers, etc.), while others will only be used internally by the company.
To give the right rights to the right people, all data must be perfectly catalogued.
To achieve this, we distinguish between 3 types of use:
- Collection, creation, storage, protection…
- Modification, use, reuse, archiving…
- Analyze, share, copy, test…
Security is an integral part of the data governance plan. This is why not all uses are permitted to all employees.
Setting up the new organization
The person responsible for data governance will sometimes have to deal with recalcitrant employees who will not appreciate the upheaval of their usual tasks with new, sometimes restrictive protocols.
So, to make the change easier to cope with, it’s a good idea to bring together all the members of the departments affected by the new rules, and explain the reasons for the change.
Better still, this meeting will be an opportunity to highlight the growth possibilities linked to this change, so as to change the minds of any remaining holdouts.
Finally, to ensure that everything runs smoothly, it is essential that the person in charge of governance takes into account the suggestions of those who use the data on a daily basis.
Indeed, the governance organization will be more sustainable if the person in charge takes into account the company’s entire past, relying on the most experienced employees to put in place effective measures that will drive the company forward.
Any change in a company requires the implementation of a new organization, which is not always well received.
Everyone needs to be aware of their role and the importance of these data governance processes, because this information is an integral part of the company’s assets.
We’ll look at this notion in our next chapter.
