When helping my clients implement a Data Quality Issue Management Process I always come across resistance to implement the process. Even when it is up and running some stakeholders come up with interesting reasons why they don't need to use it.

The most obvious one of course being that all their data is fine so there is nothing to report. Now I am optimist in most things but experience has taught me to be a little more realistic when discussing organisation's data and although in such circumstances I really want to believe them, experience tells me that that is unlikely to be the case.

An amusing situation I have come across is that the data was wrong but they don't know what was exactly wrong with the data, so they won't report it as an issue! Others include things like: "but it's a process that needs to be fixed not the data, so I won't report it as a data quality issue" and "it's not that there's a problem with it, it's just not there"!  There have also been numerous occasions when I have been told "but we have a work around for that, so don't need to report it".

Now dealing with stakeholders and the obstacles they throw up when you are trying to implement a data quality issue resolution process is exactly the kind of thing I like to write blogs on.  I'd really appreciate your input in sharing similar such comments that you have experienced, so that I can identify the common themes and then share some tips and advice on how to deal with the most common push backs!

In the meantime you can read my free report which reveals why companies struggle to successfully implement data governance.  

Discover how to quickly get you data governance initiative on track by downloading this free report

Robin Stielau is the IT Director with Brady Corporation, Milwaukee Wisconsin. Robin has  been with Brady for 33 years and is currently accountable for the enterprise global technologies that enable Sales, Marketing and Customer Services, global PIM (Product Information Management) capabilities and global master data governance.

How long have you been working in Data Governance?

I have been directly accountable for master data governance at Brady since 2015. 

Some people view Data Governance as an unusual career choice, would you mind sharing how you got into this area of work?

What motivated me to accept responsibility for master data governance was the obvious business need and my passion for improved data. I had a very clear vision of how to go about getting it.  Master data governance was the responsibility of a central team outside of IT. Changing circumstances at Brady presented me with the opportunity to get involved and I requested the data governance function be moved into IT under my direction after which it was.

What characteristics do you have that make you successful at Data Governance and why?

I call it a lack of ego. That doesn’t mean that I don’t have one, but one of the most important characteristics of success in governing data is recognizing and staying true to the fact that the data governance team does not own the data or decisions surrounding it. The reason we exist is to facilitate and hold those who do accountable. We are servants to the methodology. Facilitation skills are critical. Bringing together owners of various data domains with data consumers on a regular cadence to address data requirements, what healthy data looks like and how to measure it, improvement roadmaps to correct or complete data and data processes and to eventually provide visibility to improved business outcomes based on more accurate, complete and timely data.  Passion, commitment and grit as governing data is never ending.

Are there any particular books or resources that you would recommend as useful support for those starting out in Data Governance?

• Nicola Askham is a great resource. In a world of information overload, I found her communication on the topic to be most helpful in understanding what data governance was and wasn’t; her communication is clear and straightforward.
• Talking with as many peers and experts as possible at conferences and other business meetings
• Blogs, whitepapers.
• Stibo was a great resource to me (our PIM is a Stibo product, STEP)

What is the biggest challenge you have ever faced in a Data Governance implementation?

My biggest challenge was to change the perception in Brady of what master data governance is and is not. Previous data governance management was more involved in making decisions regarding master data as well as changing data the governance team felt needed to change. This was damaging to the program as business data owners were not making decisions nor were they always in agreement with the changes. “Under new management” – we changed this.

We occasionally have challenges with overloaded data owners or wrong people identified as data owners. Data owners can’t be by name only or any person that has some capacity, they have to have some skin in the game and be committed. If not, we force a change.

What single piece of advice would you give someone just starting out in Data Governance?

It’s a long term journey, not a race. Having strong executive sponsorship is definitely helpful.

My most memorable experience with data governance was the “ah-ha” moment one of our key business leaders had when shown the negative customer experience on one of our websites resulting from bad product.  In this case it was a size attribute for one of our key products; a set of signs.  The size had been entered on signs within the set in multiple (non-standard) ways; 7 x 10, 7 in x 10in, 7 in L x 10 in H, etc. Unfortunately all of the non-standard sizes appeared in the left hand navigation on the site. It presented a horrible experience for our customers and was the direct result of non-standard master data.

We now had a believer in the value of good master data. I use this example often when explaining the value of standard, accurate master data.

Having read my interview with Robin you can also read my free report which reveals why companies struggle to successfully implement data governance.  

Discover how to quickly get you data governance initiative on track by downloading this free report

Charles Joseph has recently set up as a data governance consultant, Datazed, following fifteen years working in consulting, compliance and insurance.  Charles sees data governance as the foundation of being able to make good data-led decisions.

How did you start working in Data Governance?

 It was a journey that looks logical in hindsight, but wasn’t at the time!  I started as a graduate consultant at Deloitte, got involved in a project to help the internal compliance team roll out a suite of new systems, and eventually focused on the data that supported those systems.  By this point, my three week assignment had gone past nine years!

I was then headhunted for a role at Beazley, which is a specialist insurer in the Lloyd’s of London market, on their data workstream for Solvency II.  That was in 2011.  At the end of 2016, I decided that I wanted to work for myself and incorporated as Datazed Ltd.

What are your plans for Datazed?

Having spent my working career at just two organisations, I’m really excited to be getting out into the wider world and working with lots of different people to help them with their data challenges and opportunities.  This could range from a review of their existing approaches, all the way through to creating a data strategy and managing its execution. Anyone who could be interested in this should contact me via my website or LinkedIn.

I’m also partnering with some software vendors in the data space.  What’s really great is that these partnerships are not exclusive, as there is an appreciation that the solution has to be right for the client.

You can find out more about Datazed at www.datazed.co.uk

Are there any particular resources that you found useful support when you were starting out?

When researching for the Beazley role, I realised that I had done a lot of data quality work, but without the structure around it.  Ken O’Connor’s blog and Dylan Jones’ dataqualitypro.com were particularly helpful. 

What is the biggest Data Governance challenge you have faced so far?

Once we had delivered on the Solvency II work, we naively felt that we could strip off the gold plating of S2 and deliver some really useful data processes to the rest of the business.  The almost total lack of buy-in from those other departments made me realise that we had to work much harder on selling these ideas and benefits.

The other memorable challenge was the first time I presented to an audience on the subject of data governance.  It was nerve-wracking to expose my own opinions and ideas to people working in the same industry – but it’s an incredibly good way of making sure that you fully understand those ideas and that they make sense.

What advice would you give someone just starting out in Data Governance?

Pick your organisation very carefully.  There are many organisations with data teams, but few of these roles are similar when you actually see the job specification. 

Look for a manager or leader who, when you meet them, is passionate about what data can do.  Then be that passionate yourself.

I learned a lot about data governance from the material shared by experts in the field – I mentioned Ken and Dylan’s websites above, but there also plenty of groups on LinkedIn in our area, some of which have some great insights and discussions.  This inspired me to go on and do a few Pulse articles myself.

What do you wish you had known or done differently when you were just starting out in Data Governance?

Periodically, there will be doors that can be pushed open to get good data practices in place.  This might be regulatory (e.g. Solvency II, GDPR) or project based (e.g. a Finance Transformation Programme).  These opportunities do not come along often, so exploit them as much as you can.

Discover how to quickly get your data governance initiative on track by downloading this free report

With a number of my clients, I am finding that I am getting increasingly involved in their GDPR Projects as having a good Data Governance Framework helps you meet some of the requirements of GDPR.

GDPR impacts everyone who holds personal data so I thought I would ask Tejasvi Addagada to provide a useful overview of the subject:

It is imperative that the privacy needs of EU residents must be harnessed through GDPR by 25 May 2018. Moreover, GDPR necessitates coverage of private information that is processed by any organisation, across the globe. This means every organisation with global presence must embrace these privacy requirements. Regulatory landscape is fast evolving while also requiring firms with global operations to adopt the highest regulatory requirements from a region that can be leveraged as preparedness in other regions.

Privacy is not only a requirement from GDPR, but is also a major driver from an organisation’s perspective of risk. Most of the personal information collected for years now is vulnerable to threats and events of malicious theft, accidental disclosure, failure in appropriate design and usage. Today, protecting an organization’s reputation is the most significant risk management challenge. Negative publicity to a firm, will cause a decline in the customer base, reduce revenue and lead to costly litigation.

Privacy is not a new dimension that firms are planning to embrace suddenly. Most mature organisations have Information Privacy and Data Privacy clearly delineated and accounted for by stand-alone division in a firm. In my experience, I have seen Information privacy aligned with the Technology Risk function while Data privacy, as predictable, lies with Data Management and Governance. There are a couple of good articles that brief on the way forward for “Privacy as a dimension” within Data Management.

I was on a holiday this week, to Wayanad, a hill station in Kerala that boasts plush landscapes, streams and the native culture of the locals.  I booked the hotel on a travel app, which for sure has collected my personal information. This data has been shared with restaurants owned by the same group that gave me offers and requested feedback for every dining experience. Sadly, the hotel doesn’t have a travel desk, but using his contacts, the desk manager fixed our local travel arrangements. Further, the Government forest division that manages the tourist destinations collected my private data for accounting and safety, at 5 destinations. In a span of 3 days I know there is redundancy and various levels of data that is collected by various organisations. When I asked the hotel on the management of the private information they were not sure on any procedures that exist today. Further, most of the data exists still exists in paper.

Most financial organisations embracing data management and governance have, for some time now, integrated Data Privacy and Security as an integral dimension. Working with these firms, I can say that they are prepared for GDPR. There is a Governance function that directs, monitors and evaluates while also enforcing accountabilities through ownership and data stewardship and ownership. On the other hand, a percentage of other organisations have some level of privacy management capabilities customised in the form of projects, for specific needs.

GDPR stress on the responsibilities, accountabilities, and evidencing the controls for privacy.

Here are ten simple steps to get started –

1)    A current capability analysis must be performed to understand the people, process and technology capabilities in place to collect, process, manage privacy and security controls for Personally identifiable information of customers and employees. This will be much easier if data privacy management is already an integral dimension, embraced by a Chief Data Office.

2)    The firm must draft a data privacy policy to ensure enforcement of compliance with mandatory regulatory, internal compliance, best practices, legal and ethical requirements along with the need for managing risks. These aspects must be clearly embedded into the privacy policy to provide guidance to personnel. This assists the personnel in carrying out any activity that includes private and confidential information. It is suggestable to understand the needs for privacy and options to achieve privacy management, before embarking on a full-scale implementation. Data Management Strategy must be developed to include Data Privacy management aspects leveraging current capabilities assessment. Data Management Strategy and Privacy Management must be aligned with organisational objectives. In addition, the target control environment and organisational structure for Data Privacy and Security Management must be defined including the identification of a privacy officer etc.

3)    From the current capability analysis, understand the “Direct Client identifying” and “Indirect client identifying” data that is collected and processed by the firm. There is a difference between a privacy and security classification. If the firm doesn’t have classifications available it needs to engage with the risk function to baseline the levels of allowable privacy classifications. Based on the same the council and data stewards can enable the data owners to classify the data that they own.

4)    It is much easier to manage the data if it is logically classified into domains based on its business characteristics like the customer domain. Likewise, employee personal data can also be classified under a human resources domain. Further, based on current need, a dataset or a sub domain can be classified as customer preferences that would make it much easier to manage data related to customer consensus like opt-in/opt-out.

5)    Through Governance function, the chief data office ensures that ownership of data is aligned, data owners are accountable, stewards are made responsible for enforcement of activities related to privacy management. Further, these roles would be updated in the data glossaries and dictionaries through Metadata management. Once data ownership is enabled the existing privacy classifications for customer and the employee data can be actively managed. This also sets the context for the data owner in capturing entitlements (control requirements) across the data lifecycle. From a risk perspective, these activities play a key role in strengthening the 1st line of defence in the firm.

6)    Based on the plan for implementation of controls for data privacy, projects must be sponsored and roadmaps must be put forth, perhaps timeboxed to meet regulatory timelines. Once the controls are in place, their existence along with KCIs, KRIs need to be captured as Metadata in a glossary. This strengthens the evidencing aspect of the regulation. Further, the control indicators and risk indicators must be aggregated as scorecards for reporting to board regulators.

7)    The firm must embrace “Privacy by design” mainstream by having to operationalise policy in every change (projects). This ensures that every new capability or change to existing process, system or organisation structure is assessed for privacy impact, controls and best practices ensured and recorded.

8)  Data privacy management must ensure that all privately classified data elements are classified, recorded for entitlements, security controls for privacy included Eg: deanonymisation, masking based on context, encryption, transfer contracts to name a few. Entitlements and controls must be recorded as Metadata in glossaries.

9)   The controls for securing private data, are established at a data service level wherever applicable rather than at an application level. The divisional and governance forums ensure that the guidelines for data controls are placed for new changes and changes to existing capabilities. Once the Privacy Impact Assessments are performed, the gaps are analysed and a program focusing on establishing a control environment for such data domains is commissioned in line with the funding model. Any non-adherence to establish controls should be signed off by the governance council with adequate evidence to bypass the controls. The level of controls includes administrative (process), technical and physical controls to secure Private data.

10) Data Privacy cannot function alone and would require close integration with other dimensions including Metadata, Data Quality, lifecycle and risk management.

a.    Metadata management is a major enabler to classify data into domains and assign privacy classifications.

b.    The data quality function ensures that integrity of data is maintained while data privacy and security ensures that modification is being performed by designated roles. Further, the currency and accuracy of personally identifiable information must be ensured.

c.     Data Lifecycle management simplifies the data landscape allowing the firm to understand - Which system or personnel or process collects a data element like tax number? Where else does tax number flow in its processing? Where is it stored, transformed, decayed? Which process or personnel or system applies tax number and for which purpose?

d.    The Data risk management ensures adherence to regulatory needs including privacy assessments, risk scoring, control assessments, risk event or privacy incident reporting and escalation. It also ensures that there are policy self-assessments and identification of blanket in-flight risks along with risk evaluation and response.

Having read this article with Tejasvi you can also read my free report which reveals why companies struggle to successfully implement data governance.  

Discover how to quickly get you data governance initiative on track by downloading this free report

Tejasvi Addagada is a Data Management and Governance consultant with nine years of success in assisting clients, develop and optimize data governance solutions. Tejasvi has worked with the top ten major global financial service providers by providing a wide range of services including strategy analysis, data analysis & architecting, service rationalization, digital transformation and process excellence. Tejasvi has diverse experience in the areas of consumer banking, commercial banking and capital markets. He has served as a process and domain consultant for the top ten major banks while receiving several accolades for the success achieved.

Now, he is delivering his services to a major investment management firm as a principal data consultant in the Data Governance Office. Before this stint, he has worked with two major banks in setting up and orchestrating data governance services from grass roots.

Tejasvi is an avid thought leader in the industry. He likes to connect with other thought leaders while blogging on the technological and business advances. His write ups address common challenges and opportunities that the firms need to tackle to make their way forward in the industry. Apart from that, he is an abstract painter and an art enthusiast and likes to spend time with family.

Tejasvi can be reached at tejasvichand@gmail.com