Adopt a Data Governance Approach That Enables Business Outcomes

Establish the foundations for lasting, trust-based data governance.
The seven must-have foundations for modern data and analytics governance.

Download Your Customisable Road Map for Data Governance

Learn how your peers are executing effective governance initiatives and build out a personalised governance road map.

Provide your valid work email address to download now. You'll also receive unlimited access direct to your inbox.

By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

Contact Information

All fields are required.

    Back

    By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

    Company/Organization Information

    All fields are required.

    Optional

    Back

    By clicking the "Submit" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

    Data governance must deliver organisational benefits at the right time

    Current data governance practices are often too rigid and insensitive to the business context. By 2027, for example, 60% of organisations will fail to realise the anticipated value of their AI use cases due to incohesive data governance frameworks. Incorporate best practices into your data governance road map and:

    • Build an effective governance structure

    • Design and deploy effective policies and standards

    • Evaluate and improve data governance performance

    • Establish a process of iteration and learning

    Take a modern approach to data governance

    Organisations are failing to reach their data governance objectives. To deliver effective data and analytics strategies, CDAOs must address their governance issues with the following tactics.
    • Shift the Focus
    • Lay a Firm Foundation
    • Build a Culture of Trust
    • Evaluate Data Policies

    Focus on outcomes first

    Data governance programmes specify decision rights and accountability to ensure data is properly valued, created, consumed and controlled.  But many organisations approach governance from the perspective of data hygiene and control, and not as a critical business capability on which key business outcomes rely. 

    By concentrating on problematic data and lack of standardisation, too many data and analytics (D&A) leaders focus on cataloguing enterprise data and documenting pain points and pin their hopes for improvements on acquiring a new master data management solution or some new metadata-based offering. 

    This approach rarely, if ever, leads to success, because a common stakeholder response emerges, often within a few months: While everyone agrees that data is important, business roles lose interest in the work because the scope of D&A governance is not put in the broader context of business goals. 

    To get past this dilemma and effectively move their organisations forward, D&A leaders must shift their data governance strategy from data to outcomes so that business roles within the organisation can see the connection between data, its governance and achieving the enterprise mission.

    Seven key elements to achieve good data governance

    By establishing effective data governance, you’re laying the foundation needed to ensure your organisation seizes business opportunities and overcomes challenges. Along the way, you can ensure higher data accuracy, reduce decision-making time through the use of enhanced data quality, and minimise risks with cost efficiency for business. 

    Here are the seven foundations of effective data and analytics governance:   

    1. Value and outcomes: Ensure that governance activities are specifically and directly connected to organisational value or business outcomes and priorities. By starting with business outcomes, a more direct connection will be made with the instruments of governance, such as policies and standards. This helps identify the right D&A metrics to enable the desired outcomes.

    2. Accountability and decision rights: Develop and maintain an appropriate accountability model with decision rights so that all stakeholders clearly understand where D&A assets are created, consumed and controlled. 

    3. Trust: Organisations cannot assume they own all the D&A assets they govern. Some assets come from partner companies, information brokers and open-data sources. Therefore, foster trust-based data governance and acknowledge the importance of lineage and curation of D&A assets in complex and distributed organisational ecosystems.

    1. Transparency and ethics: Demonstrate that your data governance operates in an open and transparent manner, is based on a clear decision-making process and ethical foundations, and will stand up to external scrutiny. This transparency is particularly critical today, and more difficult to achieve, as AI becomes prevalent in organisations and regulations grow more onerous. This means digital ethics policies now assume increasing importance for driving sustainable organisational outcomes.

    2. Risk and security: Take a risk-aware approach to data governance so that information risk and security management are not afterthoughts, but an inherent part of an effort to achieve risk-adjusted business outcomes through governance. Organisations that take this approach will be well-situated to modernise their business and operating models.

    3. Education and training: Communicate the value of required behavioural change so that people can understand and embrace what they must do differently. Stakeholders must have the right competencies, skills and attitudes to engage with governance objectives. Education and training modules must be current, relevant, and offered and consumed as a continuous process.

    4. Collaboration and culture: Because enterprise digitisation efforts are typically large and complex, cultural change is often perceived as an enormous task that is too difficult to undertake, and therefore usually ignored. It is imperative to recognise and communicate, through storytelling and the use of ‘culture hacks’, the need for a shift in mindset from control to collaboration.

    Foster trust and mature your culture to use D&A and AI responsibly

    Although D&A has been a top priority for organisations for years, most D&A leaders have little to show for their investment and effort. The recent explosive growth of AI technologies puts D&A front and centre as a foundational prerequisite, and adds even more pressure within organisations to establish an effective data governance framework. 

    Build a culture of trust to help your organisation navigate the complex challenges surrounding data, analytics and AI. This includes rightsizing governance, managing enterprise-wide risk and addressing human behavioural change. For this all-important human element, address these three interconnected themes when making business decisions: 

    Manage the risk implications of data, analytics and AI proactively. The inherent risks that come with the development and use of D&A and AI require foresight and planning. These risks include not only privacy and security, but also the handling of sensitive data across D&A pipelines. Now more than ever, the financial, economic and societal impacts associated with D&A and AI use must also be considered. This means understanding, identifying and mitigating risks of responsible D&A and AI failures proactively and head-on.

    Adopt an adaptive, trust-based management of data, analytics and AI governance and assets that aligns effort with business value. Here, data governance moves from control to enablement and ease of use. This means collaboration across interfaces with individualised experiences, driven by automation and augmentation, becomes a priority. And it means that adaptive governance focuses on the combined effect of people plus technology while managing to enable, encourage, embed and support this symbiotic relationship.

    Drive culture change to support data-driven decisions and deliver business value. D&A culture requires constant care and attention. Here, data literacy is a first step to fully leveraging data and analytics. And the ultimate goal is to incorporate D&A seamlessly into business systems and processes to support and enable decision making. This means that the process to embed and manage behavioural change inherent in incorporating D&A into the business must be defined, understood and managed.

    Apply a full range of governance policies to D&A artefacts

    Diverse business outcomes, priorities and stakeholders make it difficult to establish complete, consistently aligned and effective D&A governance policies. This leads to a fragmented scope for data governance efforts. 

    Beyond fragmented scopes, D&A teams and related stakeholders often do not consider two critical dimensions of data governance: which D&A artefacts to govern and which types of policies to apply. In addition, some organisations develop programmes and write policies for each information asset, one policy at a time, only to end up with monolithic programmes that have little chance of working together. Ultimately, these D&A governance programmes deliver limited value because they don’t identify and formalise the relevant policy types early enough in the process. 

    To address these challenges, build a holistic view of how D&A artefacts are governed and apply a full range of policies regarding quality, security, privacy, retention, ethics, definitions and models as part of their toolkit for best practices and use cases.

    Approaching governance in this way will help surface which specific business partners should take accountability for monitoring and enforcing policies.

    Quality policies set expectations about the fitness for purpose of artefacts across various dimensions. Although most commonly associated with data, considerations about validity, completeness, timeliness, accuracy, integrity and other dimensions can apply to analytics artefacts as well. 

    Privacy policies are generally associated with personal data (such as customer, patient or employee data) and focus on establishing accountability, transparency, purposeful processing and control to reduce privacy and compliance risks.

    Security policies focus on controlling access to valuable or sensitive D&A artefacts and helping the enterprise mitigate the business and financial risk of security breaches arising from hacking, ransomware and internal malicious actors. Often, security and privacy policies are closely intertwined, and many organisations develop data protection policies that address both issues. 

    Retention policies focus on the life cycles of D&A artefacts, how long they are retained and archived, and when they are disposed of. In addition, retention and disposal are sometimes related to privacy policies concerning personal data.

    Ethics policies define the systems of values and moral principles for electronic interactions among people, businesses and things. These policies ensure that the collection, management, use and sharing of D&A insights aligns with enterprise values and morals. Here, the need for robust ethics policies is critical due to the increasing use of generative AI to improve customer and employee experience. 

    Definition and model policies reflect the need for consistent formats, semantics and terminologies associated with critical D&A constructs. These policies define key concepts and common models, and often focus on broadly used artefacts such as master data domains and critical business KPIs.

    In addition to these core policy types, many D&A programmes require other policies that play a supporting role or are derivatives of the core types. These include:

    Data/information classification policies to establish a framework for determining how the core policies should be applied to data assets. 

    Data protection policies to address risks to sensitive data.

    Data sharing policies to guide the visibility or delivery of data across organisational boundaries and address concerns over security, privacy, quality, definitions and models.

    How BNY Mellon Became a Data-Driven Organisation

    Rita Ghanekar, Senior Director of Treasury Services, Data Strategy and Analytics at BNY Mellon, shares how she created the cultural change that earned her team a seat at the strategy table.

    Experience Data and Analytics conferences

    Join your peers for the unveiling of the latest insights at the Gartner conferences.

    View Conferences

    Frequently asked questions about data governance

    According to Gartner, data governance is the specification of decision rights and an accountability framework to ensure the appropriate behaviour in the valuation, creation, consumption, and control of data and analytics.

    Data governance encompasses a set of processes, policies and standards that ensure the effective management and use of data within an organisation. Key elements include:

    1. Data strategy

    2. Data ownership

    3. Data stewardship

    4. Data policies and standards

    5. Data quality management

    6. Data security and privacy

    7. Data life cycle management

    8. Data tools

    9. Compliance and regulatory requirements

    AI and ML technologies offer powerful capabilities to automate, analyse and optimise data governance processes, leading to improved data quality, security, compliance and efficiency. Such as:

    1. Data quality and cleansing

    2. Data classification and tagging

    3. Data security and privacy

    4. Workflow automation

    5. Analytics

    6. Compliance monitoring and reporting

    Drive stronger performance on your mission-critical priorities.