What is a data governance framework?
A data governance framework is the documentation of rules, processes, and roles in place to govern how an organization’s data is collected, stored, managed, and used. The policies and procedures set forth in a data governance framework ensure that availability, quality, privacy, and compliance standards are met.
Data governance framework benefits
The potential benefits a data governance framework provides are that it:
- Allows organizations to be more agile
- Assures data security and privacy
- Delivers operational efficiencies
- Democratizes data
- Directs the implementation of best practices for data assets and data management
- Enforces data quality, accuracy, completeness, and consistency
- Ensures a consistent view of data
- Establishes transparent processes and policies for data strategy and management
- Facilitates data analysis to enable informed decision-making
- Improves scalability
- Instills confidence in data
- Keeps data easily accessible
- Maintains consistent and high-quality data across the enterprise
- Makes data assets discoverable, usable, and easier to connect with business outcomes
- Minimizes risk
- Provides flexibility to meet the unique needs of users and systems
- Reduces costs associated with fragmented or siloed data
- Streamlines workflows
- Supports adherence to regulatory compliance requirements
Four pillars of data governance
The four pillars of data governance are data quality, data stewardship, data protection and compliance, and data management. Each of these pillars represents a core aspect of effective data governance and plays an integral part in data governance frameworks. Working together, they help ensure that:
- Data quality meets expectations and requirements
- A person or team is assigned and responsible for owning and overseeing data sources
- Processes, systems, and controls are in place to assure that data security and data privacy standards and regulations are adhered to, such as California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), and General Data Protection Regulation (GDPR)
- Proper data management practices are implemented and maintained
Each of these four pillars is applicable to data governance throughout the lifecycle of managed information. Within a data governance program, these pillars inform the proper handling of data assets.
Considerations for a data governance framework
The following are key elements to consider when developing or evaluating a data governance framework. Each of these plays an important part in a comprehensive, effective framework that ensures compliance with laws and regulations and that data is stored and managed in a way that best suits the needs of the organization as a whole and of individual users.
Data architecture and technology infrastructure
Data architecture and technology infrastructure are at the foundation of data governance frameworks. The data architecture element defines the design and structure of data, including how it is classified and inventoried, to ensure it meets the requirements.
The technology infrastructure includes the hardware and software systems used to collect, store, and manage data, such as databases, data lakes, data warehouses, and enterprise resource planning (ERP) systems. It also includes the network connections that are needed to support the exchange of data.
Data discovery
A data governance framework includes details about how data discovery should be handled to create a unified view of all information. Data discovery includes data as well as other elements, such as:
- Collaboration
- Data certification
- Data classification
- Data engineering
- Data lineage
- Data profiling
- Data relationships
- Metadata
Data integration
Data governance frameworks help ensure the efficacy of data integration, the combination of data from different sources, to provide unified views and ensure compatibility for optimal usability.
The data integration component of data governance frameworks ensures that data from across the enterprise, as well as third-party sources, can be easily merged, used to power applications, and analyzed and used to inform decision-making.
Data lifecycle management
Data lifecycle management is the aspect of a data governance framework that directs the oversight of data from creation and collection through use and end of life. It includes setting policies and procedures for the following.
Data archiving
- What is acceptable media for archiving?
- What security is required for the archived data?
- How long should it be archived?
Data disposal
- When should data be destroyed?
- What are approved methods for data destruction?
- What proof is required for data destruction?
Data retention
- How long should data be kept?
- What happens at its end of life (e.g., destroyed or permanently archived)?
Data literacy
Data literacy is sometimes included in data governance frameworks. It refers to the skills required to understand the data that an organization creates, collects, stores, and processes. It also includes understanding how elements of the data governance framework should be applied to the data.
Data management
Data management is the section of the data governance framework that specifies the processes and rules that define how an organization’s data assets are created, stored, and accessed. It sets forth rules about how data can be used and shared internally and externally. It also includes details about what metadata (e.g., data source, creation date, last update, and owner) is required and how it is formatted to ensure that data can be easily found.
Data quality
The data quality component of a data governance framework focuses on establishing and maintaining the accuracy, completeness, consistency, and reliability of data. This includes identifying and putting into place the processes, tools, and automation needed to minimize error, identify inaccuracies, and direct corrections throughout the data lifecycle. Elements of the data quality component of a data governance framework include:
Data collection
- Data entry
- Data cleaning
- Data profiling
- Data validation
- Data monitoring
- Data auditing
Data security and privacy
Data security and privacy are a part of the data governance framework that influences most other parts. This includes all measures taken to protect data from unauthorized access, ensure the privacy of all sensitive and personal data, and maintain compliance with the many laws and regulations related to data privacy and security.
In this part of a data governance framework, specific data privacy and security processes and procedures and guidelines for their implementation are detailed, such as access controls, data anonymization techniques, data encryption, and data loss prevention systems.
Data stewardship
Data stewardship supports data governance efforts by working with groups, departments, and external users to ensure that the policies and procedures detailed in the data governance framework are implemented correctly. Data stewards may also help with addressing data issues (e.g., access, quality, and security), including:
- Defining data elements
- Ensuring compliance
- Establishing and maintaining data quality standards
Regulatory compliance
Data governance frameworks help organizations with processes for identifying and staying on top of changes to compliance requirements related to data. It also includes guidance on specific data management practices necessary to ensure compliance.
The purpose of a data governance framework
The purpose of a data governance framework is to provide an agreed-upon set of guidelines for managing an organization’s data assets. Having a data governance framework in place can deliver a wide range of benefits that demonstrate its purpose, such as the following.
Data management
Data governance frameworks define key elements required for effective data management, such as:
- Accountability
- Data risk and privacy metrics
- Data-related vocabulary and semantics
- Key data elements (KDEs)
- Naming conventions
- Ownership
- Standards and norms
Procedures, processes, and rules
Data governance frameworks define key procedures, processes, and rules for a data governance program and support data governance for the organization by directing actions to help:
- Address data issues
- Build data catalogs
- Define rules for making changes to data
- Drive data literacy
- Eliminate duplication of effort
- Enforce data policies
- Facilitate communications and data sharing
- Highlight data quality issues
- Identify data owners
- Improve data quality
- Monitor data usage
- Protect data privacy
- Provision and deliver data
- Reinforce best practices
- Streamline workflows
- Support compliance efforts
Metrics
Data governance frameworks identify data-related metrics that should be tracked and reported on, including:
- Data growth
- Key performance indicators (KPIs)
- Key quality indicators (KQIs)
- Process efficacy and efficiency
Monitoring
Data governance frameworks provide guidance on data monitoring, such as:
- Data proliferation
- Data quality
- Data usage
- Risk exposure
Data governance vs. data management
Data governance
Data governance focuses on policies and procedures for handling data, including:
- Who has ownership of which data
- Who can access the data
- Whether given data is subject to privacy laws or other regulatory requirements
- What the security requirements are
- What are associated data retention and deletion policies
- How data is stored
Data management
Data management focuses on how data is handled throughout its lifecycle and includes:
- Data architecture deployment
- Data model development
- Data creation, processing, and storage
- Data integration into a data warehouse or data lake
- Data quality checks
- Error resolution
- Data governance implementation
Data governance frameworks and compliance
Regulatory compliance and data governance frameworks go hand in hand. Ensuring that data practices conform to regulatory compliance requirements is one of the main functions of data governance frameworks.
A robust data governance framework provides guidance in key areas, including:
- Access controls
- Data privacy
- Data quality management
- Data retention and disposal policies
- Security
Data governance frameworks and the GDPR
In 2016, the European Union adopted the General Data Protection Regulation (GDPR), a privacy regulation with strict rules about how personal data can be used and measures that must be taken to protect it. The GDPR brought into high relief the importance of and need for data governance frameworks.
Among the GDPR requirements that drive the need for organizations to employ a data governance framework is the mandate that any organization that handles an EU citizen’s personal data must be able to answer specific questions about how it handles data ownership.
These questions include:
- How is data ownership assigned within the organization?\
- Is the ownership of data single-point or collaborative?
- What measures are in place to protect EU citizens’ personal data?
- What processes are in place to handle data at the end of its lifecycle?
- Where does EU citizens’ personal data exist across the organization?
Data governance framework examples
Two examples of vendor-neutral data governance frameworks include:
Five examples of data governance frameworks include:
- Bottom-up data governance frameworks
Data governance practices initiated and implemented at lower levels of an organization spread to higher levels and become standards, such as creating templates for naming conventions. - Centralized data governance frameworks
Data governance is led by an individual in the organization who has been designated the lead or a dedicated team. This person or team takes responsibility for implementing a data governance framework. - Decentralized data governance frameworks
Data governance is handled by a committee that develops and manages the organization’s data governance strategy, with functional areas of the organization creating and managing their data sets and controlling the distribution of their information. - Top-down data governance frameworks
Data governance is driven by the organization’s leadership team, which takes responsibility for implementing data governance policies and passing them down throughout the organization. - Hybrid data governance frameworks
Data governance decisions are made at different levels of the organization that follow a centralized data governance framework, with groups operating semi-autonomously, developing standards, policies, and procedures that best fit their requirements.
What is a data governance maturity model?
A data governance maturity model is used to guide the rollout of a data governance framework. It consists of stages that help organizations establish objectives for implementing a framework and set a course to achieve them. It also provides a standard for measuring the organization’s progress toward its goals.
There are many versions of data governance maturity models. Following are the stages that are common to most of the models.
Unaware of data governance frameworks
The organization is unaware of the importance of a data governance framework, so no actions are being taken regarding one. Any data governance processes are ad hoc and not standardized.
Aware of data governance frameworks
The organization has become aware of the importance of a data governance framework. Having implemented and documented data processes and created an inventory of data sources, the need for a framework has become clear, stakeholders and decision-makers are informed, and goals are being established.
Reactive use of elements of a data governance framework
The organization has begun to lay the groundwork for a formal data governance framework. Systems are in place for information management, but adoption is not universal or formalized.
Proactive use of elements of a data governance framework
A data governance framework has been created with rules and policies defined and documented. Data owners and data stewards have been identified, and a data governance committee has been established. The framework is being applied across most areas of the organization.
Implementation of a data governance framework
A data governance framework has been fully implemented, with its policies and rules enforced across the enterprise. Formal training around the framework has been rolled out. Data is being measured for quality and depended on to inform strategic decisions. With the performance data being collected, deficiencies and areas for optimization are being identified.
Optimization of a data governance framework
The data governance framework is continuously monitored and optimized to improve efficacy and efficiency. Redundant workflows are eliminated or redesigned. Data is being tagged to increase discoverability. Data is viewed as a strategic asset, and the data governance framework is deemed critical to the success of the organization.
Data governance challenges
Data governance frameworks help organizations address a number of issues related to data management and maintenance. Overcoming these challenges helps eliminate issues that can hinder data governance and negatively impact data accuracy and security.
Data silos
Data created and stored across multiple systems or departments can lead to inconsistencies. This data sprawl can make it difficult to implement and maintain effective data governance.
Data quality issues
Poor data quality, such as inaccuracies or inconsistencies, can complicate decision-making and require significant resources to clean and standardize.
Regulatory compliance
Ensuring compliance with regulations like GDPR, HIPAA, and CCPA requires rigorous controls. Applying the appropriate controls across disparate data sources and data management systems can be complex and resource-intensive.
Lack of clear roles and responsibilities
When data management programs are not well developed, organizations often lack clarity around data management roles and responsibilities. Not having data-related roles and responsibilities clearly defined results in a lack of accountability, which causes data governance gaps and inconsistent data management practices.
Resistance to change
Failing to include culture change mechanisms in data governance plans often results in resistance from employees. In these cases, data governance programs are met with resistance by employees who do not want to adjust to new workflows.
Best practices for using data governance frameworks
Following best practices for creating and implementing data governance frameworks helps overcome challenges and expedite returns on investments. Several widely adopted best practices include:
- Define clear goals and objectives, such as improving data quality, ensuring compliance, or enhancing data accessibility.
- Align the data management framework with organizational priorities.
- Assign data management roles and responsibilities to specific individuals or teams to ensure accountability for data quality, access control, and compliance.
- Develop and enforce data standards and policies for data entry, storage, and usage, including guidelines for maintaining consistency and quality across all data processes.
- Implement data quality controls, including regular monitoring and cleaning of data to address errors, inconsistencies, and duplicates.
- Ensure data privacy and security by incorporating security protocols and controls to protect sensitive data from unauthorized access.
- Foster a data-driven culture with employee education and awareness that focuses on the importance of data governance.
- Leverage technology, such as data governance software, to automate data classification, lineage tracking, and compliance checks.
- Choose scalable data management systems that can handle changing data processing and storage requirements.
- Review and refine the data governance framework components regularly to continuously improve systems and processes and adapt to changes in regulations, technology, and business needs.
Data governance frameworks deliver value
A data governance framework makes data quality achievable by any organization willing to put in the effort. Using a framework ensures that data is properly managed, quality controls are adhered to, and organizations meet their compliance obligations.
