Data Governance Policies and Procedures: What You Need to Know


“Show me the money!”, the famous quote from the hit movie Jerry Maguire, describes how a negotiation works between two people. But it also works as a great data governance analogy.

Instead of a negotiation between people, think of data governance policies and procedures as a negotiation between your organization and your data. What’s more, it’s a negotiation that can be completely automated. So what does this all mean in today’s data-driven world and, more importantly, why should you care?

In this blog, I want to discuss data governance as a process, beyond the realm of data policies and government regulation, as well as explore the critical factors that drive organizations to design and implement strong, maintainable data governance policies. I’ll also suggest incremental steps to build a policy that’s right for you. It’s not one size fits all. What is the same, however, is the fact that every organization should have one.

Data Governance Policies and Procedures as a Process

Data governance is not a new concept by any stretch of the imagination, but it has come into sharp focus as the world’s data footprint continues to grow exponentially. Today, organizations not only must adhere to strict data policies and regulations (i.e. Sarbanes-Oxley Act, Basil Accord, HIPAA, Government agencies, GDPR), but they’re also looking to build a data governance strategy to better manage and properly safeguard their data as a valuable organizational asset.

Efficient access and understanding of your organization’s data and its footprint is crucial. Let’s take a quick look at what a data governance process strategy can look like through this lens.

Say your company is looking to market a new product by targeting a specific user group from your established customers. There are many aspects to a successful roll-out and launch, but I’ll focus solely on the marketing campaign to target specific users interested in the product. Questions you’ll ask are: where can I get information about my customers, the previous conversations we’ve had, and any other relevant information to put a story together to sell them something new? Answers live in a number of places, but they probably include these sources: your CRM, customer support portal, and analytics dashboards.

Guide to Data Governance

If you have a data governance policy in place, you’re likely to know exactly where all of your data resides (data catalog) and have rules for granting access to such data. What results is a streamlined process to efficiently utilize a protected asset.

However, if you do not maintain a governed environment, you’ll instead spend a significant amount of time and resources trying to gather all of the information about the data source and dialogue with the people who really understand them. Putting together a strategy for the marketing campaign after all of that is a little bit more of an undertaking.

The Driving Forces of Data Governance

Above is a useful example to help illustrate why data governance has entered center stage over the past couple of years. In my opinion, there are two important operational drivers forcing organizations to either create or enhance their data governance policy: risk and maintenance. Let’s go into these with the marketing example in mind.

Risk Beyond Regulation

In addition to policy risk and regulations which mandate companies to safeguard certain data in a specific way, organizations are now facing the risk that their most valuable possession, their data, isn’t being properly handled. Access rights may be too lenient, there might be no data lineage, or they simply don’t know what exists in their infrastructure. With customer data being the most valuable asset for successful targeted marketing campaigns, it’s clear these three types of risks can have real repercussions.

Moving beyond risk management is optimization. With the contract defined, organizations can free their resources to improve data analysis. If an organization can understand how its data is being handled and accessed, it can make sure the data is not only protected, but better utilized.


Nobody likes to talk about maintenance because, much like data governance, it’s not new. However, it still has its place, marking the difference between being organized or unorganized, between saving time and resources or wasting them and losing opportunities. All existing data in an organization’s infrastructure must be maintained; the more you have, the more of an effort it is to maintain it.

With a customized and automated data governance policy, an organization has the ability to do things such as set identity management, setup an audit log, monitor data requests, monitor data quality, flag and alert the appropriate stakeholders, manage the data’s structure and content, and more. Committing to a data governance framework that is automated makes maintaining the solution altogether less daunting. Positive results include decreased operational costs and increased efficiency and trust in data insights across the board.

5 Steps for Developing a Strong Data Governance Policy

So your organization has identified that you either need to improve your policy or create a new one. Let’s get into how you can get the best bang for your buck and develop a customized policy that’s reliable and maintainable.

My first recommendation is to start with your regulatory and operational data risks. Once the risks have been mapped out, you can then start thinking about how to make your data work for you. By this, I mean, think about the data you collect from your customers and explore how you can deliver a better overall experience. Here are some incremental steps to get your process on the right track:

  1. Determine the senior leaders you trust with creating/updating your policy. Generally, this will include at least a senior leader from IT, business, and management, sharing knowledge from different areas of expertise.
  2. The data governance team should assess all areas of operational risk with respect to the data and come up with a plan for using your existing data.
  3. Determine the plan and implementation strategy with the operational risks clearly communicated and addressed. If you’re implementing a new policy, I highly recommend determining how you can automate the entire process. This should also include a plan for maintaining all systems and their data.
  4. Implement the changes and put your governance strategy into practice.
  5. Re-assess and change course, if needed.

Note: If you are setting a new policy, start small and grow from there, as this is a highly iterative process.

Repeat After Me: Show Me The Money!

In the rapidly changing world of data, all governance policies and procedures are not created equal. They must be customized for your organization’s problem areas and risks, goals, company size, and previous experience with data governance policies. Updating a policy is a very different, but equally important process as developing a new one.

If you follow my suggestions for incremental success, you should be able to add/update your existing policy, reduce regulatory and operational expenses, and properly manage access to and use of your organization’s most valuable asset. I can’t stress this enough: don’t be complacent!

Be proactive in your approach to data governance so that the untapped potential of your data can instead be data gold. If you have any questions or want to talk through your data governance policy, contact us.

New call-to-action

Posted on June 22, 2017
Try CloverDX for 45-days  Full access to Tech Support as if you were a customer

Where to go next