What does digital transformation mean to you? For many, it means the rapid creation of personalized customer experiences. But digital transformation is also driving a surge in data, requiring careful management and control with heightened attention to the security and privacy of the customer information that enables it. The recent Harvard Business Review (HBR) research “A Blueprint for Data Governance in the Age of Business Transformation” (bit.ly/346v5uw) shows that corporate executives, senior and middle managers, and other cross-functional stakeholders understand these constraints and view investments in data governance as a way to enable data-driven decision making, enhance their organization’s reputation, improve competitiveness by protecting intellectual property (IP), and reduce the costs and fines associated with data breaches.

Creating trust by applying robust data governance also helps organizations retain and attract customers while increasing revenues. How can organizations meet the expectations of rolling out digital transformation and responding quickly to customer needs while protecting corporate IP and customer information? According to the HBR research, creating effective data governance rests on five pillars: (1) data policies, (2) corporate culture, (3) organization structure, (4) technology infrastructure, and (5) workforce development.


Before creating data policy, the first step is to define what data governance is appropriate for your organization. Data governance is a data management system that ensures that business objectives are supported by high-quality data and controls across the complete life cycle of data. It supports data availability, usability, consistency, integrity, and security by establishing accountability for data quality and promoting accessibility and proper use of data across the organization.

Experts agree that effective data governance is one of the first principles of proper data management. Data governance identifies what data will be collected, how it will be collected and protected, and how data compliance and confidentiality requirements will be achieved. Creating effective data policies and systematically communicating them throughout the organization will ensure that all employees are consistently aware and follow proper data security and management protocols.

The next step is to define all valuable or potentially valuable organizational data, including all customer data, and to perform a data policy gap analysis. The analysis should include all business units and consider both internal policies and external regulations. A risk-assessment heat map should be created to identify and close the gaps.

Now create or update the policies based on the results of the findings, giving top priority to areas with the highest ROI and potential impact. Finally, set up an ongoing review process to continue updating the policies as needed, based on business, legal, and regulatory compliance as well as changes in the economic environment.


Corporate culture often requires significant changes for an organization to become a data-driven enterprise. Why is creating a data-driven culture so important? Gartner advises, “Culture and data literacy are the top two roadblocks for data and analytics leaders” (gtnr.it/3kSGIv3). Overcoming these roadblocks by creating a data-driven culture allows organizations to better serve their customers and accelerate decision making.

Tableau advises that data-driven cultures require five common elements: trust, commitment, talent, sharing, and mind-set. “Becoming truly data-driven requires changing mindsets, attitudes, and habits—embedding data into the identity of the organization. People have to want to use data and encourage others to do the same. In a Data Culture, people ask the hard questions and challenge ideas. They come together with a shared mission to improve the organization and themselves with data. Leaders inspire through action, basing decisions on data, not intuition” (tabsoft.co/3iRLs2q). For organizations to successfully adopt these new cultural norms, leadership must choose and systematically apply a change management methodology, including a strong communication plan.


To bring sustainable change in establishing data-driven culture, the most successful organizations have added the role of chief data officer (CDO). NewVantage Partners’ Annual Big Data Executive Survey 2018 found that 62.5% of senior Fortune 1000 business and technology decision makers said their organization had appointed a CDO. The CDO’s primary purpose is to provide leadership in treating data as an organizational asset, with robust and comprehensive data governance. CDOs work with IT and business-unit leaders to identify and communicate the business value of the data and then lead all aspects of data strategy around data management, including governance.

Another prominent C-suite role with the specific focus on driving information security initiatives and programs pertaining to internal and external threads is that of chief information security officer (CISO). More than half of regulated industry organizations surveyed by HBR agreed about the essential role of the CISO.

Having a CDO and CISO isn’t enough. Good data governance requires cross-functional cooperation and leadership. Senior executives must understand the importance and ROI of data as an asset and become its stewards and enthusiastic supporters of data governance. CFOs can be instrumental in leading the charge, due to their broad understanding of financial and organizational data. All business-unit leaders should align with the data governance strategy and follow the correct policies and procedures. Good data governance will increase customer trust and reduce the risk of its loss.


Investing in security infrastructure and data governance monitoring improves governance maturity. Leading organizations pursue anti-malware, data-flow tracking, e-discovery, and behavior-monitoring investments.

Understanding what data exists, which data is confidential, and how the data is being used can be simplified using the correct technology tools. And applying regular updates to infrastructure reduces the risk of breaches providing customer reassurance, which is critical in maintaining both B2B and B2C customer relationships.


The weakest security link in most organizations is their workforce. Most malware breaches occur because of employee mistakes. Organizations need “soft” training (e.g., how to recognize phishing attacks, comply with security/privacy policies, etc.) as well as training in any new tools.

Effective data governance rests on the five key pillars of data policies, corporate culture, organization structure, technology infrastructure, and workforce development. Although data governance is often behind digital transformation, by focusing on these pillars, data governance can catch up and support digital transformation innovations while protecting corporate IP and customer information.

All views, thoughts, and opinions expressed belong solely to the authors, and not to the authors’ employers.

About the Authors