Finding Untapped Value through Data Governance: Beyond Regulatory Compliance

“You have to look beyond just the granular level issues of compliance. You have to see the big picture – it’s really important to understand what this stuff all really means, how it all works, and how you can benefit your company beyond just being compliant,” said Eric Kavanagh, host of DM Radio Deep Dive in the webinar The Importance of Data Governance.

Kavanaugh set the stage for Dan Sholler, Product Marketing at Collibra, and Vasiliki Nikolopoulou, Enterprise Information Architect, also at Collibra. In the webinar, Kavanaugh, Sholler, and Nikolopoulou talked about what it takes to find value hidden in your data by putting good Data Governance into place and creating an experience that fosters trust of that data in users.

How Collibra Makes Data Governance Possible

There are myriad established ways to make data accessible to the IT department, but for business users. Sholler said it’s no longer enough to use the “old-fashioned Data Governance process, where once a month I write down business asset definitions in the spreadsheet and put it on a SharePoint server.” Business users require a more accessible approach:

“It’s a complex problem. You need to have a platform. That platform needs to be a system of engagement, to drive engagement with the data, and it needs to have automation around what you do with your data.”

It’s no longer possible to rely on simplistic approaches to this. “If you automate it, it will make it easier for people –  then they’ll do it at scale.” Whereas, if organizations don’t, then they’re not going to get that kind of activity because it’s just going to be too difficult for people to accomplish, especially as the volume of data and the uses of data scale up.

This is where Collibra comes in. Collibra is at its core a Data Governance platform, focusing on delivering a good experience around finding, understanding, and trusting data for all data citizens, Sholler said. Users need accessible, trusted, governed data, across the enterprise. “It’s got to be dynamic. It has to be part of people’s day-to-day life. You have to bring it to the people where they are, so it has to be integrated.”

He said that users need to be able to see it on their iPad, on their phone, on the PC. It has to integrated with whatever platform that they’re using to access the data. “It just has to be where people are. It has to be part of the process and it has to be a fair exchange of value for everyone that’s involved,” he said.

Historically, he said, governance was mostly defensive. The purpose of Data Governance was really not to run afoul of various regulations. It was, and still is legitimate, but the enterprise needs for governance have expanded exponentially in the modern organization. “But when we look at governance only that way, most people didn’t see it as too appealing.”

Talking to various business users, or C-level executives about spending lots of money for adhering to a specific regulation was certainly necessary, but not something that they would be on-board with long term. “They would kind of give you the same look that my like 10-year-old gives when you tell me I have to eat his vegetables, right?

Collibra provides a broad platform that brings Data Governance to everyone in an organization.

“If you treat governance as the processes and information that you collect about your data and the processes that you have for making your data discoverable, making sure that it’s trustworthy,” he said. “Then you have the opportunity to use the data in ways you never have, in ways that are exciting and useful for everyone.”

Trust is the Anchor of Every Business

At the beginning of the webinar, Kavanaugh stressed that trust is the core of good business:

“We really do have trust baked into the core of our business culture. So, it’s important to understand that trust really is valuable, and once you lose trust, it’s very difficult to get back.”

The GDPR has forced organizations to understand where their data is, who is using it, and for what purpose, he said. That process provides an opportunity for a transformation to a governed environment where business users have confidence in their data and use it to gain an edge in the market.

Nikolopoulou said that the GDPR sets “a very nice baseline for how private data should be handled in terms of Data Governance,” because compliance starts with policy and processes from a business perspective. “That sets a very good pace and enables companies to get started with a Data Governance program and expand on it.”

Gartner estimates that one trillion dollars in untapped value lies hidden in data that is not properly used. “Data Governance plays that role, to help identify what is the value of data and put it to use,” she said.

Kavanaugh added that the ability to maximize that hidden value is also all about trust, “The key here is in terms of data, understanding your data, understanding your processes, understanding your organization and your culture in particular is really important.”

Three Steps to a Trusted System

Nikolopoulou and Sholler outlined three steps organizations can take to building a trusted system where data has meaning and provides value:

• Create ‘the data experience’
• Use a flexible approach based on your use case
• Establish meaningful metrics based on what’s important to your stakeholders

Step One: Create ‘The Data Experience’

Sholler described the data experience as:

“When I need to understand something about my business, about my customers, about my suppliers, I can find what leads me to the appropriate analysis of that information, and I can drive that toward an actionable conclusion in a way that makes sense to me as a business person.”

To do that requires putting processes and policies in place to keep track of what data you have, where it came from, who is using it and why, as well as a mechanism to continuously update and improve that knowledge about your data, he said.

To do that requires putting processes and policies in place to keep track of what data you have, where it came from, who is using it and why, as well as a mechanism to continuously update and improve that knowledge about your data, he said.

• Subsume Old Notions of Data Governance

Nikolopoulou explained the importance of blending the ‘old school’ approach of focusing on IT with a new focus on the needs of business users. “It’s data citizen enablement,” she said. “It empowers the users, the data citizens, to do things, to change things with the data.” And along with this focus, to recognize that the process will evolve, because organizations don’t just write a book about a glossary of business terms in a Data Dictionary and put it on the shelf. “It is continuously improving, continuously changing and growing,” she said.

• Balance Offense and Defense

According to Nikolopoulou, the best practice and success comes from a balance between a good offense and defense. “The old system was [just] to catalogue the data, the technical metadata,” she remarked. The focus was on the needs of IT users.

Sholler illustrated defensive Data Governance as: “The way you knew you were doing it right was nobody got sued, nobody went to jail, and [you] weren’t breaking the rules anywhere.”

Offensive Data Governance is a focus making data valuable for business leaders, he said. Historically data has been a side effect of executing a process and that data was usually information about the state of the process. “You really thought about the data as sort of a secondary thing. Whereas today, people are realizing that it’s kind of the other way around.”

• Focus on Realized Value

This change in thinking puts the focus on the value of the data to the primary stakeholders – business users, said Nikolopoulou. In order for the business users to get value out of the data, “we need to talk their language.” Enterprises need to collect information from these business users about the critical data elements, the processes, and the rules they want to define. Business processes should be distributed, automated, and tracked as part of day-to-day work, and outcome oriented, she said.

Step Two: Take a Flexible Approach by Use Case

Nikolopoulou stressed the importance of tailoring the implementation of Data Governance to the type of business you have. Although there are many more, she presented three of the most commonly used approaches: top down, bottom up, middle out.

• Top-Down Approach: Business User Wanting Self-Service Analytics BI

Accurate BI and Analytics depend on certified assets to provide value, she said. “Certifying the assets, going through the process with workflows that define exactly what is certified, what is trusted, and who owns it.” Ownership or responsibility makes a big difference in reducing costs, reducing risk, and increasing value, she said. So, start with the reports, start with business terms, glossaries, metrics and KPIs. “Then drill down into the technical metadata that are linked to this business information.”

• Bottom-Up Approach: Technology Company and Financial Institution

She gave an example of a company that started with importing, ingesting technical metadata from their Data Lake and Data Warehouse. “They built it up with context, like business meetings, and processes, and rules around the data that they imported or ingested.” The data is not static, therefore monitoring and documentation are built into each step, so the approved definition reflects the current state of the data, she said.

• Middle-Out Approach: Regulatory Compliance

According to Sholler, starting from policies and regulations, and expanding both on the business and on the technical front “is a very healthy way to start Data Governance.” This approach starts from existing policies, processes, and projects rather than reports or tables. The focus is on asking why the data is important, what the critical elements are, who owns the data, what roles are needed, and what applications are using the data. Nikolopoulou said the regulatory compliance approach, “is actually a very good baseline, because you start from what’s important to your organization.”

Step Three: Establish Metrics Based on Value to Stakeholders

The third step is to map the value to the stakeholder, “Make sure that the stakeholders get the value they need,” using dashboards and heat maps that make the data accessible. Sholler explained:

“We need to know the Data Lineage, but from a business person’s perspective, what they actually need to know about the Data Lineage is just enough to give them confidence in the trustworthiness of it.”

They need to know that the sales data from their account receivable system is trustworthy. They don’t need to know every detail of which column went from where to where to where. “The IT people may need to know it,” said Sholler. “But the business users don’t.”

Nikolopoulou summarized that to find that hidden value, the focus now should be on the real value for the business end user, not just for IT.

“The bottom line is that we are creating a new data experience. We improve on the old notions of Data Governance by balancing and including new concepts like the operating model, the workflows, the issue management, the stewardship, the catalogue, and a balance between an offensive and defensive approach.”

The Podcast

The Batten Down the Hatches: Here Comes GDPR podcast was co-hosted by William McKnight, President of McKnight Consulting Group, and had guests Stijn Christiaens from Collibra, David Kruger from Absio, Jason Ma from Alation, and Darren Cooper from Stibo Systems.

Photo Credit: garagestock/Shutterstock.com