I've been lucky to work beside Alex Leigh with a number of clients over the past few years and love working with him as our skills sets are complimentary. Recently I've received a lot of questions on Data Sharing Agreements and I thought that Alex would be the best person to shed some light on this topic. This is what he had to say:

What are data sharing agreements and where do they fit in a Data Governance framework? On first analysis, it’s not obvious that they do! However, they are relevant when we consider the scope of that framework.

The production, manipulation and use of data outside of our organisations are often forgotten when considering data quality. We focus on internal ingress points which are mostly controlled through our own stewards and producers.

This can be a dangerous assumption as external data is far more common than we might think. It fits into two distinct areas:

- Additional data sets. These are often paid-for datasets which augment or enrich what an organisation internally holds.

- Collaborative data sets. These are mostly found in areas of shared working with other organisations. Research data is the most common of these.

A data sharing agreement (DSA) can be thought of as a data ‘passport’ assuring the quality and integrity of the flow between external and internal organisations.

This all sounds promising until we realise there is no standard data sharing agreement. This isn’t surprising when you consider the breadth of any such document. It may have a very narrow focus on data quality or a wider one including security, frequency, single or two-way flow etc. So we can see a DSA must be aligned with the business value of the data being shared.

Regardless of the breadth, any successful DSA must include:

- Quality rules and tolerances. This covers off exactly what data we are sharing, what quality expectations (both schema and business rules) are we ‘signing up’ too and how that quality is being jointly measured.

- Accountability. The bedrock of any DSA! Who is accountable for the data and at what point – if any – does this change from the external to the internal organisation.

- Breach protocols. How is that accountability used in an operational environment when the quality rules are breached?

To meet these three criteria, any DSA needs an agreed measurement and management approach. Without this, it is nothing more than a worthless paper exercise.

Now we’ve established that creating and managing a DSA is an important consideration in any Data Governance framework, where do we start? We recommend two approaches; firstly see what is being used at the moment in your organisation. It may not be fit for purpose, but it will be a basis to build on.

Secondly, consider talking to your Data Protection Officer. While the DPO will be focused primarily on Data Privacy Impact Assessments, they will have experience of working with external organisations and their guidance will certainly support you in developing new DSA’s.

You may even be able to integrate the quality and associated criteria into existing documents and processes. This is an excellent example of where Data Governance can be in support of organisational capability. And that can only be a good thing!

In summary, a DSA is not a ‘quick thing’. It needs careful consideration both in terms of development and how it will operate in practice. Done properly though it will extend your Data Governance framework outside of your organisation potentially saving much time and frustration.

If you'd like to know more about how Alex and I can help your organisation implement Data Governance (and get DSA's in place) please get in touch here.

First of all, you might be wondering to yourself, what is the ‘three lines of defence’ model? Well, it's something that is commonly found in financial services companies, but I have seen it elsewhere, and is typically made up of exactly three lines of business.

So first of all, think about what the first line of defence is considered to be in your business. Generally, this includes the people who do whatever your organisation does: whether that's making things, selling things or running a bank or an insurance company - they're the people doing what your company does.

The second line of defence are the teams that tend to set the rules by which the first line run the business. So, these are people like your Legal team or your Compliance team. They're the people interpreting external regulations and working out what your company has to do in order to comply with them. These teams will also include operational risk.

Now, the third line of defence is where you have your audit. This is either an internal or external audit, which scrutinises the first line of defence who are running the business and makes sure they are doing their jobs in accordance with the rules and policies set by the second line.

So, now on to the most important question - where does Data Governance fit in all of that?

Well, that’s a really interesting question and, you may be surprised to learn that I'm not sure it does nicely fit with this. However, since I have done a lot of work in financial services over the years, this is something I've had to figure out a number of occasions.

I think it's fair to say that more often than not, data governance ends up somewhere in amongst the second line of defence - often sitting alongside an Operational Risk Team. 

Now, it works pretty well there, as long as you remember that a data governance team doesn't just write the rules and then toss them over to the business to comply with. A data governance team is very much supporting the first line to write their own data rules. So a data governance team isn't really writing the rules at all, they're helping and facilitating the first line in writing their own rules.

It’s subtly different, and I have worked for a few organisations that have described data governance as perhaps sitting somewhere in the middle of the three lines of defence, around "one-and-a-half", rather than data governance sitting purely in the second line or purely in the first line.

There is another way of thinking about it. I was discussing this with an Operational Risk Director working within one of my clients fairly recently, and he said he felt that perhaps there was a 1a) and a 1b) in the first line of defence, whereby 1a) are the people doing the work and 1b) are perhaps the data governance team, because they don't set the rules.

Therefore, perhaps it should be considered that the data governance team are sitting in the business helping them run better, but that they're possibly considered 1b) because they're one step back from doing the business itself. They're just helping the business run better by helping people manage their data better.

Don't forget if you have any questions you’d like covered in future videos or blogs please email me - questions@nicolaaskham.com.

Or you’d like to know more about how I can help you and your organisation then please book a call using the button below.

This week I am very pleased to welcome Alexander Akinjayeju to write a guest blog. I mentor Alex through the DAMA UK mentoring scheme. He has an extensive background in Data Security and has moved into Data Governance. When helping clients implement Data Governance I often end up liaising with their Data Security Team. During our mentoring calls we have discussed the relationship between the two data management disciplines and Alex explains it so well that I asked him if he would be willing to write a blog on the topic:

Cyber security is the sexy term for information security; it may also be used inter-changeably with other scope specific areas such as IT security or digital security etc. The keyword here is “Security” of information in whatever format or scope it is presented be it Cyber, Digital, IT etc. For the sake of this write up, I shall use the generic term “Information Security”.

Information security discipline can be seen as a science or as an art depending on your point of view or context.

Science is defined as “A systematically organised body of knowledge on a particular subject” while Art on the other hand is defined as “A skill at doing a specified thing, typically one acquired through practice”. A core concept in Security is the threat of an “enemy” willing to steal, disrupt or otherwise make information invaluable.

Information security is an organised body of knowledge (Science) on the protection of information, often involving fighting wars with internal and external enemies (Art).

The subject of Information Security concerns itself with the protection of the Confidentiality, Integrity and Availability attributes of Information assets.

Data Governance (DG) is defined in the Data Management Body Of Knowledge as “The exercise of authority, control, and shared decision making (planning, monitoring and enforcement) over the management of data assets.” It is part of a larger discipline that has traditionally been called enterprise information management (EIM).

What’s the link between Information and Data you may ask; the illustration below sums in up.

Knowledge and information is everywhere, it is converted into multiple formats such as data, audio, pictures etc for usage. Data and inherently the information it conveys is used in business processes and interacted with by humans, transported through physical papers, computer hardware and networks and stored in computers (files, applications and databases) throughout its life-cycle. Data is also now being extensively used in Artificial Intelligence and machine learning to create new devices and tools while at the same time driving process efficiency across all areas of human endeavors.

There is no gain saying that Data is valuable to many organisations including non commercial ones such as the military or public services, particularly more so in the current digital age revolution where Data is said to be the “New Oil, we even coined a new word “Big Data”.  The illustration below shows the volume of data that was created every sending of the day in 2018.

The implication of this amount of data is that it drives the global economy which makes one to conclude that there is a lot of value in the data; traditional industries including banking and finance have been disrupted while completely new industries have sprung up in recent years, for example, Uber and AirBNB did not exist 10 years ago, neither of them own physical assets in their operating model; Uber’s revenue was over $14 billion in 2919 and AirBNB is valued at $38 billion. Guess what? Data as their main asset!

The remit of Information or Data Security is the protection of  the value of Information and Data assets!

There are a few stressful periods in the working life of a security executive

1.       Annual ritual of budget planning and decisions on the allocation of scare resources is a very stressful time for business executives involved in the process. The process involves a lot of data, numbers and logical articulation of projections for the coming year, this is about cost of security. However oftentimes the value of the data to be secured/protected is not often included in the discussion.

2.       Initiation of  strategic security programme either as an improvement or as a complete green field setup. These programmes are often driven either by compliance obligations or as a result of audit findings or general information security risk management.

3.       Identification and location of critical business data, the level of control required and the amount of resiliency required to ensure business continuity when disaster strikes. In order to search for an item the minimum requirement is that you know what you are looking for, perhaps a description or characteristics and other specific features.  

Prioritizing the most effective controls to deploy within the constraints of defense in depth principles. This challenge is premised on the fact that resources will always be limited, even nation states don’t have a bottomless pot of resources. It’s also a fact that some data and applications are more important and sensitive than others. When we prioritize there is always an opportunity cost of the things we forgo, therefore we want to ensure that we are choosing the right assets and controls to protect and deploy.

As you can see from the above list of items, none of the items are exclusive to the security function. At the heart of it all is the “Data” that need to be secured, if we don’t know the attributes such as characteristics and description, we cannot find it; if we don’t know its importance or criticality to the organisation we cannot apply a commercial/financial value to it neither can we prioritize it neither can we know whether it is within a compliance scope.

The Chief Information Security Officer and his team does not own the Data which it is expected to protect, he/she doesn’t know its relative value, nor does the team understand the risk appetite or tolerance of the firm without active collaboration with the business or stakeholders. The Security team cannot define the security attributes or level of protection a Data Asset requires.

The consequence of the above is massive! It causes either an inadequate or over investment in security, opaque decision making process, false sense of security, misuse of limited resources protecting low value assets at the detriment of critical assets as well as poor business resilience and disaster recovery planning among others.

The answer to all of these can be provided by Data Governance programme or function.

The need for collaboration between Data Governance and Cyber Security team is often critical particularly of Data Loss Prevention projects. It is an indisputable fact that modern businesses have a lot more data and data channels to contend with both structured and unstructured. Data is ingested from multiples sources and may be found on on-premise servers, in Cloud apps and storage, on users devices including mobile devices and smartphones and many more locations – the dispersal surface is forever widening. It is inefficient and way more expensive to expect the security function to effectively secure all data regardless of their sensitivity as their criticality is not known, part of the consequence in the high level of Data breaches frequently reported in the media, as resources are spread too thinly rather than focusing limited resources on the “Crown Jewels”

In my professional career I have seen time and again on different assignments that a lot of organisations don’t know where their critical data are stored, they have no understanding of its flow within the business or what business processes interact with them. These are the everyday issues that security people have to content with and often playing piggy in the middle between different departments to arrive at ad-hoc conclusions and decisions on data attributes. This approach leaves the business exposed to risks on many fronts

The Data Governance function would help Data Security function with the fundamental question of Data Attributes, it will provide the details of value to allow logical decisions to be made around managing security risk to the Data. In return the Security function will assist the DG function in deploying and operating controls to enforce its principles, policies and standards as well as monitoring for compliance. It is a WIN! WIN!

I recognize that Data Governance function is relatively young and evolving however, Information security function will do very well in engaging and collaborating where they exist, wherever possible the CISO may even suggest the establishment of one within their organisation.

I hope you found this useful. You can find out more about Alex on his LinkedIn profile.

What are they and do I need both?

"How do a data quality and data governance framework relate to each other?”I get asked this question quite frequently and I think it’s a really interesting one, so I’d really like to help you get to the bottom of it. I think the reason it comes up is because people have been doing data quality and worrying about data quality for many more years than they have data governance.And so, they feel very strongly that there are two different frameworks in action. Another common misconception is that the two are the same. This may come from a lack of understanding of what data governance really is, so let’s break it down…..

Is data governance the same as data quality?

The very short answer is no. Data quality is the degree to which data is accurate, complete, timely, and consistent with your business’s requirements. Data governance, in very basic terms, is a framework to proactively manage your data in order to help your organisation achieve its goals and business objectives by improving the quality of your data. 

Data governance helps protect your business, but also helps streamline your business's efficiency. It ensures that trusted information is used for critical business processes, decision making, and accounting. And so, if you think about it, data governance vastly provides a fabulous foundation for many data management disciplines, its primary purpose is to manage and improve your data quality.

To put it in much simpler terms, if data was water then…

-          Data Quality would ensure the water was clean and prevent contamination

-          Data Governance would make sure the right people had the right tools to maintain the plumbing.

So, why would you want two frameworks relating to data quality?

The simple answer is you wouldn’t. This really isn't a question about how you align two frameworks. You should only have one framework and data quality and data governance should be working in harmony with one another – not against or in opposition.

Data governance and data quality rely very much on each other, I usually describe the relationship between them as symbiotic, as their relationship is based on mutual interdependence. Therefore, of course, you need both! You would not want to do one without the other if you want to successfully manage and improve the quality of your data in a sustainable manner.

Sadly, in my experience, some organisations do not yet fully understand that you do need to do both. Whilst you rarely (if ever) come across a company that is implementing a data governance framework without the intention to improve data quality, it is fairly common for organisations to commence data quality initiatives without implementing a data governance framework to support them. Unfortunately, this leaves many data quality initiatives as merely tactical solutions that only have short-term results.

And, it doesn’t matter whether you call it data quality or data governance (because let's face it, some people really react badly to the term data governance) as long as it gets your business users engaged and understanding what that framework is about.

So, let's just have one data quality framework which encompasses the roles and responsibilities around data, and then there is nothing to go wrong, no duplication, no gaps between two different frameworks. Make this simple and make it sustainable.

You can see the video I originally did on this topic here and if you've got any questions you’d like me to address in future videos or blogs, please just email them in to questions@nicolaaskham.com.

I have known Abel through DAMA UK for many years now and have always been impressed by his passion for Data Governance, Data Management and for making complex things simple! So I decided it was time to ask him to share some of his valuable insights with you by asking him to do an interview for my blog.

How long have you been working in Data Governance?

About 7 years now, fully working in the Data Management space.

Some people view Data Governance as an unusual career choice, would you mind sharing how you got into this area of work?

Sure! Growing up, I had the opportunity to experience in Shell Royal Dutch Company, the value people, technology, and data bring to businesses. As a result, when I applied to study at the university, I wanted to study, a joint degree Human Resources (HR) and Technology. Due to the Chartered Institute of Personnel Development (CIPD), graduate membership accreditation requirement, I opted to study HR alone. My HR working experience, gave me a unique perspective about people and organizations. I am passionate about people, and the role they play in an organization. After the completion of the London 2012 Olympic and Paralympic Games, which I was part of the delivery team. I joined the HR Solution team in BAE Systems Naval Ships Business Unit. The company gave me the opportunity to join a Transformation project. One of the mandates for the project was to deliver Data Management (Governance and Quality) as a business capability for the Type 26 programme. This my first opportunity to work in the Data Management role. I was accepted for the role because of my business, people, and technical acumen. However, my passion for data and the opportunities data and technology bring was recognized. The Data Management Transformation project was successfully delivered from Proof of Concept (POC) to Business As Usual (BAU).

What characteristics do you have that make you successful at Data Governance and why?

This is a great question; I need to think about it a bit. I would say, willingness to learn, flexibility and adaptability to new environment and technology, attention to detail, ability to quickly understand people (emotional intelligence) and organization, able to understand the structure of power, influence, and control within team and organization. The ability to influence people positively, the ability to solve problem and provide practical solutions, and make complex things to become simple. Finally, I would say my work ethics, discipline and perseverance – have thick skin. In Data Management, having a ‘thick skin’, be adaptable, and able to influence people positively are essential attributes. I like Aristotle’s Rhetoric ancient Greek treatise called the ‘Art of Persuasion’ – Ethos, Pathos, and Logos. I apply it to myself, why because it is relevant for Data Management practitioners to demonstrate the three. Personally, it is important to communicate your value propositions and the value Data Management can bring to any organization.

Are there any particular books or resources that you would recommend as useful support for those starting out in Data Governance?

It is important for those starting out, to ensure they read the Data Management Book of Knowledge (DAMA Book).

They should read Keith Gordon’s book, Principles of Data Management and Robert S. Seiner Non-Invasive Data Governance book.

It is important, to read books like Games People Play by Eric Berne, Politics and Turf Wars by Patrick M Lencioni and Leading Change by John P. Kotter.

I do find Nicola Askham, Lara Gureje, Chris Bradley, Nigel Turner, Sunil Soares and Peter James Thomas resources useful.

There are various useful resources online such as Simon Sinek, Harvard Business Review (HBR), Mckinsey Global Institute, TED Talks, TDAN.com, LinkedIn Data Groups and BrightTALK webinars.

Finally, I will recommend my book title: 10 Tips to Successfully Deliver Data Management – (writing it now, so watch out for it, coming out later this year).

What is the biggest challenge you have ever faced in a Data Governance implementation?

This is difficult question because People, Communication and Change Management are the biggest. They are the biggest, but they provide incredible opportunities as well. Therefore, I love the Data Management profession – the challenges are great, but the opportunities are greater! As a result, you can be both effective and efficient. You can create and deliver tangible and intrinsic value from operational, functional, emotional and social values in the organizations.

Is there a company or industry you would particularly like to help implement Data Governance for and why?

I like to work in companies, where my daily responsibilities, ties into a higher meaning, to a purpose higher than myself. I like to work across industries, sectors and where possible countries. I would like to implement Data Management in some of the FTSE 100 and Fortune 500 companies. It is not about the list, but because they create massive impact across their supply chains, customers, industries, and sectors. It is not about implementation, but “successful” implementation of Data Management. Helping the company, to know, trust and confidently use their data. Subsequently, this can help the company, make money, save money, manage and minimize risks. Successful implementation of Data Management in these companies can enable high data standards and practices, data investment and leadership, data management literacy etc. – which is good for the profession.

What single piece of advice would you give someone just starting out in Data Governance?

Jump into the ‘data trench’ and get your hands dirty! Change is constant - it is important to understand and appreciate Data Management is an art and science. As a result, human psychology and relationship is very much important. The story of the three men digging a ditch - it is a valid lesson for Data Management practitioners which I do like to share. Yes, the three men had different answers for the question asked ‘why they are digging the ditch’ - the goal remain the same working to build the Cathedral. Yes, there are various aspect of Data Management – the goal should the same! Remember, the profession needs you, so make your contributions, as best as you can. Enjoy yourself, but if you are not passionate about it, find something else to do quickly.

Finally, I wondered if you could share a memorable data governance experience (either humorous or challenging)?

Let me think, oh I remember one, it was a challenging conversation I had with a senior colleague (in Data Management you will have challenging conversations). The colleague said, Data Management is not important (useless) – the business does not need the Data Management team to operate. Calmly, I made the point on why the Data Management and Data teams particularly useful for the business. For the business to know, trust and use their data confidently to make business decisions – Data Management plays a critical role because fundamentally Data can be a critical asset for the business – so governance is important!

You can find out more about Abel and connect with him on LinkedIn.

Someone recently asked me what questions I recommend asking in interviews for candidates for a Data Governance Manager role. It's been a couple of years since I helped a client with the recruitment process. I remembered a couple of questions that worked well but thought that since the data community are so supportive that this would be a great topic to collaborate on.  I asked on LinkedIn for people to share their favourite/recommended questions with a plan to create a great resource for both those recruiting and those preparing for Data Governance job interviews and this blog is the result.

Please feel free to use and share this resource:

‘Data Governance and you’ questions

• How did you come to be in the Data Governance arena?

• Give me your Data Governance elevator pitch.

•  How do you measure the success of Data Governance initiatives?

• Give me an example of how you went about implementing governance before and what you would do differently this time.

• How you get buy in for the Data Governance programs and how to onboard multiple streams for the data governance initiative

Skills and attributes questions:

• Talk to me about a couple of examples from your professional life where your 'desert crossing stamina' helped you to drive an initiative again and again to success despite being knocked down every other step 

• Give one example of how you overcame the obstacle of a fellow employee who was not interested in what you were trying to say ... even if you didn't win them over, what approaches did you try …

• Are you an emotional or a logical person? Then ask them to explain their answer.

‘Data Governance and the company’ questions

• What are the components / related pillars of Data Governance? Which would be most appropriate for this organisation and why?

• How would you use Data Governance to balance the business need to leverage our data and our compulsion to operate within the confines of regulatory requirements?

• What is your 30/60/90 plan for this position / company?

• What could Data Governance achieve in this company?

Data Governance Knowledge Questions

• What is Data Governance? Explain it to me as if I had never heard of it before.

•  Why is Data Governance important? /

• What is the difference between Data management and Data Governance?

• What does it look like when Data Governance is well executed?

• Who is responsible for Data Governance? Do you perceive Data Governance to be an IT driven process or a business driven process and why? What are the pros and cons of both? 

• How is data localisation going to affect the future of Data Governance?

• Explain a sample Data Governance road map for an organisation.

I hope you have found this useful.  Good luck with your recruiting or job hunting and if you have any questions you would like added to this list please add them to the comments below!

A while ago I wrote a blog about things you should consider when choosing the right software to help facilitate your Data Governance initiative, but once you have selected and purchased the tool do not assume that everything will now “just happen”. 

One of my clients was worried (and rightly so) that it was at this point of the project that mistakes could be made which would impact the successful implementation of their Data Governance tool.  I thought my advice to her may help others too:

Technical implementation considerations:

Firstly you need to understand exactly what support you will get from your chosen vendor so you can plan what additional support you may need for implementation.

Then make sure that you agree who is going to manage the technical implementation of your tool. Is it going to be an in-house project team or are you going to engage a systems integrator? If the former is the plan, you need to liaise with the vendor to be very clear on what technical skills training they have available. What do they recommend to make sure that your team are suitably skilled before starting the implementation?

 If you're going to use a third party to implement the tool, make sure you do due diligence to ensure that they understand the tool and have significant experience in implementing it. I have worked with organisations where a consultancy has been employed and they stated that they had experience in the tool.  However, it became clear that while the consultancy as a whole may have had the required experience, the consultants working for that particular client did not have any experience and were learning on the job.  This caused unnecessary delays and poor advice on what was and was not possible with the tool.

I also recommend focussing on one area or functionality of the tool for the initial implementation. Just because the tool has lots of features that doesn’t mean you need to implement everything at once.  Choose the most needed functionality and implement that first, then look to implement other features as needed.  Remember, at this stage, this is about giving your business users a tool to help them do Data Governance, not to confuse them with a complex tool and functionality they haven’t asked for. As your users become more comfortable with both Data Governance and using the tool you can implement more Data Governance requirements and tool functionality.

Post-implementation considerations:

It is never a good idea to implement a data governance tool over the whole of your organisation at any one time. So I recommend not seeing the implementation as a one-off project.

It is better to think of it as a phased process with the initial implementation being a pilot or trial. Once you have completed the pilot it is likely that the users and the Data Governance Team may want some changes.  This is common as you are introducing something new and not replacing an existing tool or process.  This makes it very hard to get your requirements exactly right on the first attempt.  So you may wish to make some tweaks to the setup of the tool before continuing a phased implementation across the whole organisation.

It could take a very long time to implement the tool fully.  You need to make sure that this is well planned and that you are constantly working out what the next phases are going to cover.

You also need to consider how you are going to keep the data in the tool up to date. I recommend that you have a regular review of the content, for example, an annual review where Data Owners look at the content for the data owned by them.  They can then either confirm that the definitions are still correct or, if necessary, provide updates to keep the tool up to date and useful for the business users.

How to roll out a data governance tool to Data Owners and Data Stewards:

As I mentioned in my previous blog about choosing the right Data Governance tool, it is essential that your Data Owners and Data Stewards (or at least a representative number of them) are involved in the initial implementation project. Often they have not asked for this tool and they do not react well to having the tool forced upon them.  It is vital that they are involved in the design stage, to make sure that it's set up in a way that is going to appeal to them and make them happy to use this new tool.

Even if your Data Owners and Data Stewards have been involved in the early stages, remember that doesn't mean they won't need additional briefing and training when the tool gets implemented.  I recommend having a section of your overall Data Governance Communications and Training plan dedicated to the implementation of your data governance tool.  This will include things like initial high-level briefings to explain what the tool is and why it will be useful to your organisation.  You will then need some specific focused sessions:

 ·     Sessions with Data Owners to tell them what they're expected to do with the tool and showing them exactly how to do it.

·      Sessions for Data Stewards which will be a little longer and more detailed as they will be doing the bulk of data entry and review of data in the tool.

Both sets of training need to be accompanied by some kind of user guide or aide memoir, to make it very easy for them to quickly check what they need to be doing once the training is over and they are using the tool for real.

Taking all the above into account may seem like a lot of undue effort when you just want to get on with implementing the tool, but doing so will make a huge difference over whether it is a success or not.

If you have other tips for a successful Data Governance tool implementation that I haven’t included above please let me know!

Earlier this year, in the days before social distancing, I was lucky enough to catch up Neil over breakfast and he kindly agreed to be interviewed for my blog. Neil is an independent data evangelist who has worked in large multinational companies from the early years of the data adoption. He passionately believes that everyone is a data citizen or as he says a ‘Citizen Steward’.

He views Data Governance like safety, it stems from individual behaviour, and how we shape that to form the day to day activities embraced as a culture.

How long have you been working in Data Governance?

In 1991 I began my data career before Data Governance was even talked about.

Somewhere around 2008 Data Governance started to become more of a mainstream activity with the software vendors adding the word Governance to their sales pitches.

I have always represented the business side of data, advocating that business stakeholders must be leading and supporting data initiatives. If I take the simplest aim of Data Governance to apply a consistent lens or approach to the use of data, then the business must take the lead.

Some people view Data Governance as an unusual career choice, would you mind sharing how you got into this area of work?

I didn’t deliberately set out on the data path as a career, I kind of fell into it. I was working in Finance and realized I was spending all my time as a spreadsheet jockey, which made me question my value. I was fortunate to be asked onto a major finance transformation programme as the reporting lead where data through the migration was critical to my success. Many years of data migrations through a progressive roll-out, and a very good mentor, convinced me there was a fledgeling career in data.

It wasn’t until 2005 that my Data Management role was formalised as the global MDM manager on an SAP finance transformation programme. Across the world, Master Data Management was an emerging discipline and I was lucky to be able to network with like-minded early adopters. 

It was an exciting time to be part of something new.

Back then 90% of the focus was on the technology and IT was wrestling with adoption across their businesses. It was a hard sell to land data as a discipline, and that remains true today.

But at the heart of any data initiative is the need to articulate what it is you are trying to manage and how you measure whether it is working or not.  Data Governance wasn’t seen as an enabler to the business processes, more a compliance and control regime which business areas could choose to adopt. To overcome these hurdles Data Governance needed a business lens applied with a focus on behavioural change.

So, in 2006 I started to develop the processes that would help the business to adopt and embrace Data Management. We now refer to this as a culture change, but it is a ‘hearts and minds’ challenge.

What characteristics do you have that make you successful at Data Governance and why?

Passion, integrity, honesty, resilience, patience, adaptability, storytelling, simplicity, and being able to talk to various stakeholders in the language that they feel most comfortable. I call it ‘talk business’.

Once you come to the realization that this is about changing people’s perceptions about data, how they contribute to its management and how they would benefit from making those changes, your approach becomes far more tactile. I cannot understate the importance of developing soft skills. And like any relationship, you must adapt your style to different personalities. For example, at C Level, the message needs to grab their interest in the first 30 seconds which means presenting a concept, with language that supports that message.

I always put myself in the position of the recipient and try to anticipate what I would want to know and ask, how they think, their pet subject, things that would influence a positive discussion.

I use an ice breaker unrelated to the data narrative because Data Governance will challenge their beliefs and I am trying to develop a relationship that creates trust and ultimately influence.

At the end of the day, each of us develops our own styles through trial and error. Go with those that you feel most comfortable.

Never underestimate the power of WIIFM, what’s in it for me. Understanding those personal drivers of your stakeholders and how they would benefit from Data Governance will be fundamental to your success. 

Are there any particular books or resources that you would recommend as useful support for those starting out in Data Governance?

I’m not a big reader, but in 2006 Jill Dyché and Evan Levy published, at that time, an inspirational book called Customer Data Integration. This has been the only data book I have ever taken to heart because of its narrative. Jill is a wonderful storyteller where she brings to life the data challenges. If you ever get the opportunity to talk with Jill or listen to her, go out of your way to do so.

What is the biggest challenge you have ever faced in a Data Governance implementation?

Getting started. We hear the saying ‘they just do not get it’ and use that as an excuse for not landing our data message. Looking under the covers I normally find that they do get it but data is not high on their list of priorities, or they have been subjected to the technology bias too often, or they cannot see the value in dedicating energy to a vague concept.

My biggest challenge has been turning that supertanker. Convincing stakeholders who are either disinterested or openly negative to the changes being proposed to establish a company-wide data discipline. Remember changing a culture requires commitment.

Is there a company or industry you would particularly like to help implement Data Governance for and why?

Company or industry for me is no different. Data is data and its management are broadly the same process.

However, I am a little different in that I look to a Chief Financial Officer (CFO) as the ultimate consumer of data, they would benefit directly through a well oiled and efficient data discipline. Harks back to my days as a spreadsheet jockey. Give me better data that I can trust.

Many people would disagree with my target audience, and to be honest, 5 years ago I would have agreed with them.

My rationale is that Data Governance starts predominantly through the management of master data. These are the foundations of every business process, customer, supplier, material, people etc. Every process executed in business has either an explicit or implicit financial impact that lands in finance. Much of the master data is touched by a finance process, for example, customer credit, material costing, supplier bank details, payroll.

Therefore, by inference finance really does have ‘skin in the game’ when it comes to consistent trusted data. Why would you not at least start the data journey in finance? 

What single piece of advice would you give someone just starting out in Data Governance?

Keep it simple. The saying ‘think big, start small’ really rings true to Data Governance. You want to take your stakeholders on a journey of discovery and enlightenment, not a slog up Mount Everest. 

There is no right answer, just many paths with potentially different outcomes. Choose wisely.

Finally, I wondered if you could share a memorable data governance experience?

My first day in a company as the Global Data Governance Manager I attended the inaugural Data Governance Executive Forum, only to be told by my boss that he was not able to attend and that I should chair the meeting.

My first day.

I didn’t know the people, their subject areas, what had gone in the past, even the format of the meeting. This was to be my introduction into the world’s largest multinational of this industry.

I was petrified.

I learnt a great deal about the people, but more importantly about myself. In the room were a group of supporters, a group of antagonists with the remainder ambivalent.

By the end of the 3-hour meeting we had achieved a consensus on the way forward for Data Governance, the challenges I would have to overcome and most importantly the frequency in which I would sit down with them one on one over a coffee.

The outcome was the embryo of Data Governance that would ultimately get established and span the entire company.

On reflection, if I had made a mess of that first-day induction, Data Governance would have been consigned to the ‘failed project’ bin.