Questioning your data classification, governance, privacy capabilities or operations is not usually top of the agenda in regular meetings. However, asking thoughtful questions about the state of data (i.e. inventory and its risk) at your organization can help start the conversation.
Start Asking The Hard Questions
Need a hand working out where to start? Here are some key questions your organization should be asking:
- Are we proactive in identifying and complying with all the laws and regulations governing data capture, use, retention, security, and disposal at our company?
- Have we got an adequate data governance foundation in place that allows us to deal with current and upcoming data privacy challenges, such as sensitive data inventory, user access, and deletion options?
- Do we know what constitutes sensitive data? How complete and accurate it is? Where it is? How it is used and how it is being protected?
- Do we have appropriate leadership, structure, capabilities, resources, and support to address these risks comprehensively, given the context of our business model and goals?
- Are we receiving and retaining the necessary data to support critical business decisions and actions?
- Have we organized the compliance and privacy functions to best support and oversee our business and operations?
- How do our data governance program and capabilities align with industry standards and peer organizations?
These questions are a great starting point to understand where your data privacy capabilities are in an ever-changing environment. This is by no means an exhaustive list, but by addressing these points, you’ll have a better understanding of which initiatives you should begin to reduce your risk.
Now that you have asked and answered the hard questions and identified the key processes that need to be addressed in your operations, the next step is to take action.
Although the task of organizing and implementing Data Governance can seem daunting, the end results are worth the attention and effort.
In addition to enabling compliance with data privacy regulations, Data Governance can pay significant business dividends, especially when accomplished through careful planning and execution, collaboration with all key stakeholders, and strong executive sponsorship.
We’ve put together a list of considerations you should take into account when planning your next move.
- Assess the current state of data governance capabilities across the enterprise.
- Develop a vision for “Sustainable” Data Governance tailored to the organization’s data protection and privacy requirements, particularly in the context of its business strategy and goals.
- Craft a multiyear roadmap that gives priority, for instance, to initiatives addressing highly sensitive data first.
- Develop, fund, staff, and roll out the Data Governance program organization. Find out more about what your Data Classification Guidelines could look like.
- Establish a “multilayer accountability” model by making business stakeholders a key part of the program.
- Select and begin implementing data governance tools that support the multilayer accountability model, allowing you to selectively protect your most sensitive data first, then all layers of your data classification model.
- Consider an experiment or pilot to understand value and opportunity.
- Remember, data protection is an ongoing effort! A successful governance program must address both short- and long-term goals.
Ultimately, the path to the effective management of data privacy risk through data governance starts by making it a high priority within your organization.
Are you ready to take that critical first step?