Select Page

Why is Data Governance the number one strategic investment today?

by | Oct 4, 2017 | Governance Risk and Compliance

We’ve reached the Information Age, where an organization’s data is its most vital asset. As data grows in volumes and structure, managing data efficiently becomes a primary business obligation. If you look at the past decade, or the decade before that, data governance was just a nice thing to have. It’s made a comeback as a relatively new and hot topic, and companies are gradually waking up to the growing importance of data governance.

Before a business can really get serious about putting data governance into practice, it must understand what it is all about. There’s no single definition to data governance, and there cannot be. Data governance is a vast phenomenon that aims at improving the quality of data in an enterprise by following the best practices in data management. In a nutshell, data governance is a set of practices that ensures that business data is accessed, utilized, maintained, managed and protected well.

As massive data gets generated every day, the threat of misuse and data breaches increases proportionately. For that, and several other significant reasons, companies are now realizing that adopting a complete data governance strategy will empower them in the long run. Here are a few reasons why data governance has become even more important than before.

Better decision making
Data is inevitably an important raw material for all business decisions and future strategy. A business that fails to manage its data efficiently, later fails at making prudent business decisions. When an enterprise manages its data formally, in accordance with data governance standards, it can clearly understand its current state of affairs. Data governance enables businesses to determine its data needs, plan policies and procedures accordingly and channelize its workforce towards better data management.

Improved Data Quality
Almost all businesses struggle with data quality issues from time to time. But there are very few business leaders who take an action to fix data quality issues. Data governance can drastically fix data quality issues and avoid errors in the future. It ensures that an enterprise’s data is accurate, complete, timely and consistent with all compliance regulations.

Protecting Critical Enterprise Data
A business that deals with sensitive customer information like personal preferences, or banking details etc. is constantly under the threat of data loss or breach. Then there’s critical enterprise data that needs to be cautiously protected. And that’s where data governance comes to rescue – safeguarding critical business and customer information in accordance with data privacy regulations. With data governance in place, companies can avoid costly data breaches and save its sensitive data in a very organized manner.

Reusability of Historical Business Data
Data growth is an alarming issue today. But what we must not forget is that even if new data comes in, old data doesn’t lose its importance. Data drives businesses, and every bit of data is critical business information and can be utilized at any time in future. For this, all historical data needs to be maintained and preserved in a usable format. Data governance builds a foundation for systematic data management, which preserves important business data diligently, making it reusable in the right format at any time in future.

Smooth Data Analytics
Developing an effective data governance framework enables capturing business data and using it from the analytics point of view. Clarity in information and effective data management ensures that data is available in the right format for better analytics. Better analytics in turn means better data reporting, and eventually better decision making from the management perspective.

These are just some of the most essential factors that are driving enterprises towards data governance practices. As long as organizations are driven by data, data governance is here to stay. It is no more just a nice thing to do; it is becoming a legal mandate and a strategic investment for all enterprises, big or small.

GDPR: What it means for US-based companies

by | Sep 27, 2017 | Data and Analytics, GDPR, Governance Risk and Compliance

The General Data Protection Regulation (GDPR) is a new law that will come into effect in the European Union (EU) on the 25th of May, 2018. It’s key goal is to reinforce and unify data protection for individuals in the EU. The GDPR replaces the Data Protection Directive from 1995 and marks a major departure in many aspects.​

It is a new legal framework for handling personal data of EU-based individuals, be they customers, prospects, contractors or employees. It is already in force but not yet enforceable-businesses and not-for profit organizations have until May 25, 2018 to comply. Although GDPR originates in the EU, it actually impacts businesses worldwide- if they handle personal data of EU individuals, or do business with organizations that do. GDPR imposes obligations on how that data is treated, even if that personal data has traveled outside the EU and is now stored and handled in a distant corner of the world.

How will GDPR affect US companies
The main objective of GDPR is to give EU citizens greater control over how their personal data is collected, protected and utilized. While the legislation applies to EU companies, it also applies to any company that chooses to do business in the EU. US companies that operate in the EU market and which collect personally identifiable information (PII) are subject to EU-GDPR regulations in all of the EU countries in which they do business.

EU GDPR directly impacts organisations in the U.S. If they

  • have offices or employees in the EU
  • market or sell to EU citizens
  • partner with EU-based organisations
  • may have at one point, or may at some point in the future, process, store, receive, or handle in any way, data pertaining to EU citizens

If your processing activities fall into any of the above categories then you must comply with the EU GDPR guidelines. Basically, this means the rules follow the data, rather than being territorial. In other words, this is applicable to US companies that are not located in the EU but provide goods or services to EU citizens or monitor the behaviors of EU citizens. These companies must be in compliance with GDPR rules on the data privacy of these individuals.

Key points for US-based companies: How do I comply?
After determining that they are subject to the regulation, the next determination a US company has to make is what changes they need to make in order to comply. To truly comply with the new General Data Protection Regulation (GDPR) rules, means being able to see into ALL of the organisation’s data, which will assist in adopting a holistic approach with processes adopted across all industries, geographies and business units and provide a clear strategy on access and classification. Organisations need to know where personal data is stored, in what form it is found and keep track of who is authorised to access it. US-based companies that collect personal information and that operate within the European Union should consider preparing for the GDPR’s implementation by:

  • Developing or revising a privacy program that collects and retains personal information only to the extent necessary (e.g., adhering as closely as possible to the European Union’s “purpose limitation” requirements)
  • Appointing a knowledgeable data protection officer or a chief privacy officer to oversee the company’s privacy practices and ensure compliance with both domestic and international regulations
  • Reviewing and possibly amending contracts with third parties that process, control or maintain collected personal information to ensure proper safeguards and data breach reporting procedures
  • Ensuring that there are updated and tested data breach response policies and programs to ensure timely notification to regulators and consumers in the event of a data breach.

What is the impact?
At this point a US firm that may be subject to the regulation may ask “So what? Why do we care about EU data regulations?” Organizations that fail to comply can be fined up to 20 million Euros or 4% of their worldwide revenue.  Violators will be placed in one of two tiers, with the higher tier costing violators up to over 20 million euros or 4% of the company’s net income.

With the European General Data Protection Regulation (GDPR) taking effect in May 2018, companies doing business in the European Union are scrambling to avoid the severe penalties from non-compliance with these stringent regulations.

Existing in a world with a global marketplace implies that GDPR cannot be overlooked and now is the time to ensure that your company is ready for how the changes may affect them. Consider the parts of the GDPR that will have the most impact on your business and begin with those areas first in your review and overhaul of your policies to ensure you are prepared for implementation ahead of the May 25, 2018 effective date of GDPR.