Data Governance - Deloitte

Point of View (PoV)

December 2022
Data Governance - Deloitte Point of View (PoV)

Document Overview
This article showcases Deloitte’s Point of View (PoV) on Data Governance (DG),
which has been consolidated based on our research, observations, and Throughout
experience in supporting Data Governance programmes for clients across this PoV, some
multiple sectors and at different maturity-levels. sections will
include additional
Throughout this document, we refer to the most mature Data Governance
observations and
organisations as ‘Role Model’ organisations. The journey to becoming a Data
insights based on
Governance Role Model is challenging, requires dedicated investment, time, and
our research and
effort, and should be based on a clear strategy and roadmap. The reality is that
very few organisations across the globe and from different industries have experience with
achieved Role Model status, but many aspire to it. clients.

We will showcase our Point Of View on what is required for

We acknowledge
organisations to achieve Role Model status. that Data
Governance is
difficult, and that
there are very
Role Model organisations few Role Model
organisations out
Innovation Automation Data-Driven there, but it’s never
too late to start!

This PoV is
designed to
Job Descriptions
DG Trainings
Data Literacy provide guidelines
with DG KPIs Programme
for organisations
to increase their
Data Governance
maturity level and
help move towards
Defined DG Defined KPIs Op-Model
Roles & Resp. Role Model status.

DG Strategy Processes Policies

Assessment Basic Awareness Benchmark

02
Data Governance - Deloitte Point of View (PoV)

Sharing our experiences

What is Data Governance? 04

Why is Data Governance important? 05

Our perspective 08

Contact 14

03
Data Governance - Deloitte Point of View (PoV)

What is Data Governance?

It’s more than just regulation and compliance…
Some organisations we have worked with view Data Governance as a reaction to regulatory and compliance
mandates, adopting a more Defensive Mindset - reacting to rising risks and issues, such as regulatory
requirements, compliance demands, security breaches, data privacy concerns, and external pressure.

However, this approach seems to be changing. Organisations are increasingly adopting an Opportunity
Mindset, where Data Governance is seen as a pre-requisite to becoming a truly data-driven organisation,
and a catalyst to extracting business value and innovation opportunities from their data.

What is it really and what are its drivers?

We see Data Governance as more than just adhering to regulations and compliance – it is the key to
unlocking the full potential in other Data Management & Analytics capabilities such as effective Artificial
Intelligence (AI)/Machine Learning (ML), Cyber Security, Data Visualisation & Reporting, and Automation,
being directly associated with making the most effective use of an organisation’s data.

Data Governance is a set of quality control processes that help organisations in managing, using, improving,
maintaining, monitoring, and protecting data across the organisation. It is the proactive management of data
to ensure an organisation’s data is fit for purpose and provides companies a framework to manage quality,
access, privacy and security of its data.

Data Governance should be viewed as an enabler, supporting benefits such as greater efficiency, more
innovation and insight, and higher cost savings through more effective use of data.

Enable data-driven
decision making

Reduce Operating
Costs and improve Improve Reputation and
Operational Excellence increase Trust in Data

Data
Governance
Drivers

Optimise Data Sharing Establish a healthy

& Accessibility Data Culture and
increase Data Literacy

04
Data Governance - Deloitte Point of View (PoV)

Why is Data
Governance important?
Many organisations
understand the
It’s a foundation to becoming data-driven business need
and value that
Many organisations understand the value of being data-driven and are now comes with Data
investing (or planning to) in Data Management, Analytics, Big Data, and AI. Management &
However, it’s important to understand that without effective Data Governance Analytics, and have
controls and practices in place, these investments cannot be fully realised. started to invest
and prioritise
accordingly.
By 2023, Data Literacy will become essential in driving business
value, demonstrated by its formal inclusion in over 80% of data
and analytics strategies and change management programs 1 However, it can be
easy to overlook
the importance
By 2026, 20% of high-performing organisations will use
of the role Data
connected governance to scale and execute on their Governance has
digital ambitions 2 in ensuring these
investments are
fully realised.
By 2025, 80% of organisations will have deployed multiple
data hubs as part of their data fabric to drive mission-critical Role Model
data and analytics sharing and governance 2 organisations
understand that
Data Governance
helps organisations
By 2025, 70% of public companies that outperform
competitors on key financial metrics will also report being data
in managing
and analytics centric 2 the increase in
information that
comes with new
Data Management
By 2024, organisations that lack a sustainable data and
analytics operationalisation framework will have their
& Analytics
initiatives set back by up to two years 3 programmes and
capabilities.

$500B+ forecasted annual revenue in the AI space by 2024 4

1
Gartner, A Data and Analytics Leader’s Guide to Data Literacy 2021
2
Gartner Predicts 2022: Data and Analytics Strategies Build Trust and Accelerate Decision Making
3
Gartner Predicts 2022: Analytics, BI and Data Science Ecosystems Drive New Perspectives
4
IDC Worldwide Semi-annual Artificial Intelligence Tracker.

05
Data Governance - Deloitte Point of View (PoV)

How does Data Governance

enable your organisation to
become data-driven?
Embedding effective Data Governance is key to unlocking the full potential of an organisation’s
Data & Analytics capabilities. It sets the controls and practices required to enable data
consumption throughout the Data Management lifecycle.

High-Level reference of a large organisation’s data flow: Data Governance sets the rules and standards
related to the overall Data Management lifecycle,
Internal (non-exhaustive) External (non-exhaustive) tackling different relevant questions, such as:

Internal employee Data Sources: What are the required

Third party data
Sample platforms standards to be adopted on all sources to
be ingested? What are the policies that the
Data Files and Purchased/ sources need to be compliant with?
Sources documents acquired data

Digital customer Data Integration: What is the process to

Open/public data integrate a new data source? What is the data
content
integration approach?

Maintenance: What are the controls to be

implemented on stored data? Which form
of storage is adopted? How is personal data
protected and consumed?

Data Integration &

Disaster Recovery & Backup: How does the
Ingestion organisation ensure that data stored is safe,
secure, and well-maintained?

Access Management: What is the process

to add/remove users access and to which
platforms? Who sets the permissions?
Data
Storage &
Access Accessibility: Who has access and to which
platform/module? How is data shared with the
respective stakeholders?

Analytics,
Intelligence, &
Data Consumption: What are the ethical
Automation requirements when using customer/
employee data? Are the required data
sharing controls in place?

06
Data Governance - Deloitte Point of View (PoV)
What does Data Governance
help resolve?
Considering the relevance of Data Governance to data consumption and other Data Management lifecycle
components, organisations often face a set of common pain points when effective Data Governance controls
and practices are not adopted.
1. Volume & Complexity
Data is too large and complex to
manage, leading to adverse impact of
unforeseen data changes
Organisations are not equipped to
handle the velocity, volume, and
variety of data from internal and
external sources. This results in
missed opportunities to optimise
the use of diverse data sources.
Instead, data is siloed, preventing
organisations from reusing valuable
data to support business insights.
[1]
https://ico.org.uk/action-weve-taken/enforcement/marriott-international-inc/
2. Inefficiencies 3. Impact to Trust and
Reputation
Data is fragmented with no single Inability to detect and respond to
source of truth – making the reuse of requests in a timely / proactive manner
data challenging
A lack of data standards for sharing Poorly managed privacy and consent
across multiple systems and leads to a loss of reputation and trust.
stakeholders increases the risk of
Organisations can face financial
re-work and duplicative spending,
liabilities for failing to meet internal
with some organisations likely to
and external regulatory requirements.
purchase the same data more
than once. In 2020, the ICO (Information
Commissioner Office) fined Marriott
Governing data is more time-
International £18.4 Million for a data
consuming and manual without
breach that affected millions of its
commonly defined metadata and
customers’ data. The breach started in
ontologies, data assets catalogued
2014, but was only detected in 2018. [1]
and accessible, and support of
agreed ownership and stewardship.
07
Data Governance - Deloitte Point of View (PoV)

Our perspective – the Data

Governance maturity journey
Based on the Data Governance maturity index below* we have found that the more
mature organisations all acknowledge that Data Governance is an ongoing activity
which requires investment, time, and effort. The below figure showcases Deloitte’s
Point of View of mature organisations’ common practices.

Level 5
Level 4 Effective

Level 3 Managed
Proactive
Level 2 Transforming
Reactive Data
Level 1 Industrialising
Governance
Aware Expanding Data
to a proactive,
ad-hoc Data Governance
Adopting automated
Governance activities
Aware of Data Data approach, with
capabilities across the
Governance, Governance, continuous
beyond silos organisation,
but little to no building improvement
and into with clearly
infrastructure capability and and monitoring
mainstream defined Data
and poorly articulating
business Governance
defined Data a Data
functions artifacts and
Governance Governance
clear roles and
strategy strategy in
responsibilities
silos

Organisations aspiring to reach Role Model status (levels 4 & 5) work towards:

Improving Data Culture, by initiating

Investing in their own capability a Data Literacy programme with
defined learning pathways

Allocating budgets dedicated Building a Data Governance

to ongoing Data Governance strategy and roadmap with clear
monitoring and improvement initiatives

Establishing & formalising Prioritising, rolling out, and

Data Governance roles and monitoring quick wins which
responsibilities demonstrate business value

*Based on Gartner Inc. (2020): Create a Master Data Roadmap With Gartner’s MDM Maturity Model

08
 Data Governance - Deloitte Point of View (PoV)

Our perspective – it’s all

about mindset
Historically, most
Major organisations operate in a rapidly changing environment, with organisations
disruption coming from the political, economic and technological spheres. would treat Data
Shifting from the Defensive to the Opportunity Mindset is what sets apart the Governance as a
Role Models from other organisations, allowing to drive more business value response to the
through Data Governance. introduction of
new regulations
e.g. GDPR (EU).
The Defensive Mindset The Opportunity Mindset CCPA (USA), PDPA
Up until now, the main priorities Achieving regulatory compliance (Singapore), POPI
for Data Governance have is a minimum requirement – (South Africa), etc.
surrounded achieving and organisations who adopt the
evidencing regulatory compliance. Opportunity Mindset use Data However, we see
Governance to drive business value. that this mindset
is changing, with
organisations
realising additional
Leveraging AI/
ML Capability benefits (besides
Reporting &
Visualisation
compliance) that
Data-Driven
come with having
Decision Making the Opportunity
Enhancing
Data Security Mindset, such as
CCPA Continue with
enabling data-
Value

Defensive Mindset Embed Data

Literacy
GDPR and upskill driven decision
employees
making, managing
POPI organisational
PDPA performance based
on data, improving
reputation and
trust, reducing
operating costs,
Value and identifying
profitability
opportunities.
Understand Monitor Control Unlock Value
Understand Observing Implementing Reap the reward
data to achieve data across detective and of data-driven
the highest key business preventative decision making
quality results processes controls

PDPA: Personal Data Protection Act

POPI: Protection of Personal Information Act
GDPR: General Data Protection Regulation
CCPA: California Consumer Privacy Act

09
Data Governance - Deloitte Point of View (PoV)

Our perspective – Data

Culture and building
Data Literacy is key
Data Governance
must be part of your
wider Data Culture

to enhancing Data and Literacy strategy

and is the first
step in becoming a
Governance data-driven, Data
Governance mature
organisation.
Data-driven organisations who invest in upskilling and developing the Data Role Model
Literacy capabilities of their workforce are more successful in consistently organisations
unlocking value from their data. Role Model organisations aim to embed Data understand that
Governance and Data Literacy into the normal ways of working, enabling a Data Governance
self-fulfilling, enterprise-wide Data Culture. is a ‘team sport’. All
employees should be
Data Governance made aware of the
Data Literacy Strategy
Learning Paths importance of Data
Governance.
• Long term Data Literacy Strategy • Clearly defined learning paths for each
The majority of
defined with Data Governance as a Data Governance role holder to follow,
an organisation’s
key competence focus area promoting continuous development –
ensuring the organisation is equipped employees use data
• Employee capabilities baselined
for evolving Data Governance needs. as part of their daily
• The journey has begun! tasks and should
be upskilled to use
and manage the
data effectively -
Data Governance Culture & Data Governance Roles &
this includes Data
Awareness Responsibilities
Governance.
• The organisation is establishing • Data Governance roles and Employee learning
a Data Culture and has a good responsibilities are defined and
approaches should
understanding of Data Governance resourced within both Business and
and the value it brings to the not be a ‘one size
Data Management & Analytics teams
business fits all’. In order to
• Data Governance Boards and Forums
• Decisions are made based on reliable capture and generate
are active.
data and not instinct. engagement and
excitement, a series
of learning methods
Data Literacy, Strategy & Vision
Diverse Data Learning Curriculum & and mediums
Training programme should be adopted,
including formal,
informal and on
Key Data Literacy Success Factors the job learning
opportunities.

Data Governance Change Data Governance

specific KPIs for Data Management Responsibilities in
Literacy programme Job Descriptions
10
Data Governance - Deloitte Point of View (PoV)

Our perspective –
what does good look
like?
Role Model
organisations
ensure that Data
Governance is
Based on our research, observations, and client engagements, we have embedded into
identified multiple characteristics as components of People, Process, and their ways of
Technology which contribute to effective Data Governance. working. This is
typically guided
by a federated
and nimble Data
Governance
Te
To olo
io n
ga ple &

ch
ol s g y

group which is
n
at

&

able to advocate
nis
o
Pe

the importance
Or

and value of Data

Governance to each
Process & part of the business,
Policy enabling them to
govern and manage
their own data.

• Data Governance roles • Data Governance is just • Investment in relevant

established, formalised,
and staffed by the
business
• Data Governance related
responsibilities included
in staff objectives
• Investment in Data
Literacy and upskilling/
training of employees
regarding Data
Governance
• Commitment/buy-in from
all business areas – not
just a CDO (Chief Data
Officer) group or IT
• Dedicated team
within the CDO group
established to focus on
driving the adoption and
proactive engagement
of Data Governance and
Data Culture across the
organisation
as much a priority for the
business as other major
programmes
• A Data Governance
strategy and plan is
defined to support other
transformations and
initiatives such as digital
transformation, cloud
computing, AI/ML, etc.
• Strategic choices should
be made to prioritise
specific areas across the
organisation based on
business needs, while
ensuring that low priority
areas are not neglected
in the long run
It is important
Data Governance tools
such as Data Cataloguing,
to highlight the
Data Lineage, and Data business value of
Quality Data Governance
• Advanced tools to support
to everyone within
and simplify automated the organisation,
Data Governance both top-down
processes and controls and bottom-up.
This will help in
• Well-defined and
accessible data the promotion and
dictionaries adoption of key
Data Governance
practices and tools.
Strategic decisions
should be specific to
each organisation’s
needs, challenges,
and priorities, as
well as industry
requirements and
best practices.

11
Data Governance - Deloitte Point of View (PoV)

Our perspective –
key considerations
There are a number of considerations and success factors that have proven to be critical for building
effective Data Governance.

Ownership
Data Governance is not just a Business or Technology responsibility; it is everyone’s
responsibility. People throughout the organisation need to be incentivised and shown the
fundamental value data brings to them and their respective functions.

Business Alignment
Business strategy alignment, early involvement, and buy-in from executives,
data producers, and data consumers in the process are key to building effective
Data Governance

Added Value
The benefits and added value of Data Governance should be continuously monitored
through the adoption of measurable and actionable KPIs which demonstrate how Data
Governance helps address business and data challenges.

Flexible
The Data Governance roadmap should consist of several ‘quick wins’ with structured
initiatives that are flexible to adapt to changing business needs and demands to help drive
and scale momentum and value.

Integrated
Data Governance initiatives must be aligned with and integrated into the organisation’s
overarching Data Strategy and roadmap.

12
Data Governance - Deloitte Point of View (PoV)

Our perspective –
key takeaways

It’s never too late to begin your

Data Governance journey

• As we’ve highlighted throughout this PoV, there are very few Data Governance Role
Models out there.

• Many organisations struggle to understand the real value and need for Data Governance,
and hence delay beginning their Data Governance journey. It is never too late to start,
but the sooner, the better!

It’s not just compliance, there’s opportunity too

• Achieving regulatory compliance is a minimum requirement for all organisations.

• Ensuring that your organisation’s culture and mindset is focused on the opportunities
and value derived from good Data Governance, such as enabling other Data & Analytics
tools, is a key step in implementing successful Data Governance.

Data Governance is hard work, but small steps

lead to big rewards

• Implementing effective Data Governance is difficult – however, ensuring that your

organisation adopts the right mindset and culture is crucial. There are multiple business,
technology, and cultural factors to consider when commencing your Data Governance journey.

• Data Governance strategy and adoption is a continuous process. The aim is to embed
effective Data Governance and Data Culture across the organisation.
Short Term Focus = Short Term Value.

13
Start a conversation
with us

Toby Waldock
Partner
[email protected]

Elliot Stamp
Senior Manager
[email protected]

Sara Monsef
Senior Manager
[email protected]

This publication has been written in general terms and we recommend that
you obtain professional advice before acting or refraining from action on any
of the contents of this publication. Deloitte LLP accepts no liability for any loss
occasioned to any person acting or refraining from action as a result of any
material in this publication. ​

Deloitte LLP is a limited liability partnership registered in England and Wales

with registered number OC303675 and its registered office at 1 New Street
Square, London EC4A 3HQ, United Kingdom. ​

Deloitte LLP is the United Kingdom affiliate of Deloitte NSE LLP, a member
firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by
guarantee (“DTTL”). DTTL and each of its member firms are legally separate
and independent entities. DTTL and Deloitte NSE LLP do not provide services
to clients. Please click here to learn more about our global network of member
firms. ​

© 2022 Deloitte LLP. All rights reserved.

Designed by CoRe Creative Services. RITM1239847