The Challenges of Governance and Compliance in a Data-Driven Economy

By Michael Queenan, Co-Founder and CEO at Nephos Technologies

Delivering on the transformational value of data is rapidly moving up the list of priorities for organisations across the burgeoning digital economy. As investment increases in data strategies designed to improve business decision-making and performance, it also brings additional responsibilities to properly use and protect information that may be confidential, personal or commercially sensitive.

This has resulted in a significant and ongoing shift in the way organisations approach data governance and compliance. But increasingly, many encounter some critical and expensive obstacles that seriously limit their ability to remain within the rules across their data assets.

As a result, organisations the world over are finding their data governance efforts are more complex and frustrating than they expected. But, without an effective approach, delivering on compliance and business objectives is by no means guaranteed. In fact, a recent Gartner report – “The State of Data and Analytics Governance is Worse Than You Think” – found that a quarter of those surveyed achieved nothing they set out to accomplish with data.

On a more practical level, some organisations decide they need to act, but don’t know where to start. Others launch a data strategy with the intention of running it in-house, but struggle with expertise, skills shortages and delivering usable outputs. Or, having taken the decision to focus on data governance, organisations immediately focus on outcomes without first addressing the need for effective data discovery and classification.

For example, teams with the responsibility for delivering data governance will often assume that there are tools out there that can be given access to data sources to analyse and identify governance violations instantaneously. In reality, this process is impossible without first understanding what is being looked for in the first place. The net result is that it’s unlikely governance initiatives will deliver any tangible results or benefits.

Therefore, it’s vital that data governance best practices should first define what data classification looks like for each unique situation. Customer data, for instance, will be held in different locations and databases in every organisation, but good governance is only possible if this data is correctly identified and classified. From that point onwards, it becomes practical to apply gap analysis to understand whether there are violations, such as misclassified data or residency issues. Without it, any attempts at data governance are going to be made much harder from day one.

The list of potential pitfalls goes on. There are those organisations who have invested in data governance tools, but find they don’t know how to drive business value and outputs or those who progress further, but are subsequently impacted by unoptimised gaps in their approach. Whatever situation develops, the knock-on effect on governance and compliance strategies that don’t work can be extremely serious.

In contrast, data governance that is effectively planned and delivered is not only beneficial for compliance, it also offers huge potential for improving business performance. According to a report by McKinsey, “Leading firms have eliminated millions of dollars in cost from their data ecosystems and enabled digital and analytics use cases worth millions or even billions of dollars. Data governance is one of the top three differences between firms that capture this value and firms that don’t. In addition, firms that have underinvested in governance have exposed their organizations to real regulatory risk, which can be costly.”

The Rise of the ‘as-a-Service’ Model

Data governance is a complex process, taking in everything from data quality, master data management and the challenges presented by encryption, to choosing the right technology tools and the enforcement of policies.

The problem is, organisations generally cannot address every issue and requirement at the same time. Most simply don’t have the insight and oversight to establish and maintain effective governance and by definition, compliance, while many others focus on short-term standalone data projects, rather than the benefits of a long-term, holistic strategy.

In order to embrace data governance as a positive route to business improvement and robust regulatory compliance, organisations are looking to the ‘as-a-Service’ model to meet the gaps in their capabilities, experience and technologies.

Indeed, the emergence of Data Governance-as-a-Service (DGaaS) is bridging the gap between objectives and results. In doing so, it’s an approach designed to take the risk away from investments and deliver the strategy and proven technologies required to ensure data governance projects succeed.

In a broad range of circumstances, DGaaS can be applied to deliver good data governance. Take ubiquitous data discovery and classification, for instance, where software tools are used to scan all data wherever it might reside within potentially highly complex data infrastructure. Without this detailed insight, organisations are frequently unable to identify their data assets, if they are mishandling data – and by definition – understand their levels of compliance.

DGaaS also focuses on effective process creation and documentation, enabling organisations to drive their governance objectives through to execution. This also removes the operational and expertise requirement overhead, leaving them free to focus on creating value from their data. In doing so, organisations acquire the ability to take the raw outputs from the toolsets and turn them into tangible business outputs which is the next phase in the evolution of data governance.

As a result, teams can approach the planning, design and delivery of a data governance strategy focused on their core objectives. Instead of hitting implementation roadblocks or experiencing the frustration of failed investments, governance and compliance become part of their standard set of operational processes, with technology acting as an enabler.

In today’s data-centric economy, organisations are increasingly faced with a big decision: embrace the opportunity effective governance offers to deliver business growth, innovation and compliance, or risk the penalties imposed by regulators if they breach the rules.

Data Governance-as-a-Service, however, is designed to liberate organisations from the resource and technical limitations that cause so many projects to fail and data breaches to occur. Instead, it allows them to focus on the transformational potential of data while also delivering on compliance.

About Author:

Michael Queenan is the co-founder and CEO of consultancy-led data services integrator, Nephos Technologies. A decade ago, Michael and his business partner Lee Biggenden identified a gap in the data market for a services led integrator to guide the largest organisations through the complex process of data strategy, governance and analytics. They believed this expertise would enable their customers to drive business growth, compliance and insights from their data assets.

In 2012 he founded Nephos Technologies with Lee, to provide true expertise and value around data integrity and challenge organisations to think differently about one of their most valuable assets. As CEO, Queenan plans Nephos Technologies’ future strategy and direction, identifying trends 24-36 months ahead of time and building centres of excellence to deliver on those trends.