A lot of attention is now being paid to the topic of data governance, and what it means versus data management.
Within the last few years, data governance has leapt from an esoteric term bandied about only by IT professionals to being on the minds of a wide range of people, from upper corporate echelons to middle managers to legislators worldwide.
Yet data governance still isn’t clear to many. What’s more, many confuse it with the more ubiquitous data management. So, what’s the difference between the two? How are they similar? And more importantly, does it matter to GRC professionals?
What is data management?
To understand what sets them apart from each other, it helps to have a clear definition of each term. Since data management has been around longer and is generally better understood, we’ll start there. According to Dataversity, data management…
…is a comprehensive collection of practices, concepts, procedures, processes and a wide range of accompanying systems that allow for an organization to gain control of its data resources.
In much simpler terms, data management is exactly what it sounds like: It’s how your organization manages all aspects of its data. That’s why it’s typically viewed as a responsibility of IT, meant to organize and control data so it’s accessible and up-to-date for users.
What is data governance?
By contrast, data governance is more about the rules governing how you’re handling data. Informatica defines data governance as encompassing…
“…the strategies and technologies used to make sure business data stays in compliance with regulations and corporate policies.”
So, data governance is the framework or model for what an organization is does with its data, under what circumstances, and by what methods. Data governance is a holistic business strategy, versus data management, which is about the details of operationalizing data. Data governance lays out guidance and policies on how a company identifies and prioritizes the ways it’s going to derive financial benefits from data, while mitigating any business risks from bad data or other data-related problems.
The rise of data governance
Data governance, as a term, only came into vogue over the past few years. And the term didn’t come to the forefront on its own: it was pushed there by events like the data breach at Starwood Hotels involving the records of over 500 million guests, the data breach at Yahoo involving over three billion user accounts, and countless other similar events. They’ve all given impetus to corporate adoption of data governance.
In part, because of those breaches, governments around the world have enacted data privacy laws. One such example is the General Data Privacy Protection Act, which became law in 2018 and governs how countries in the EU handle personal data – and impacts how non-EU marketers collect personal data from EU residents. Another is the California Consumer Privacy Act, designed to protect the privacy of California citizens.
Data governance is part of a data management strategy
The data governance structures organizations are putting in place are one part of their larger data management strategy.
Think of it in terms of scope: Data management is broad in scope, covering all aspects of how your organization acquires, stores and uses its data. Below that framework of data management is data governance, which is more narrowly concerned with the policies and procedures of how data is managed and used to achieve your business goals and avoid risk.
That said, “narrowly” still encompasses a broad swath of areas, as you can see in the graphic below.
In practical terms, how should this play out? First, your organization should establish a data management strategy or framework, setting some broad outlines of how you’ll manage data. Once that’s been established, your company can begin to develop a data governance framework showing how the data you’re managing can service corporate objectives.
Working together to empower the organization
While they mean different things, data governance and data management are far from mutually exclusive. Instead, they can and should be viewed as working in unison to strengthen how your organization handles and protects its data, especially the personal data of customers and prospects, and turns data to your advantage.
The short take? In times like these, organizations must leverage data governance to establish rules and policies for how their data is governed and secured, enhancing and strengthening their approach to data management.
This way, your corporation is better prepared to put data to business-building uses, and better safeguarded against the ever-growing threat of data-related risk and liability.