Data goverance

Helping you protect your organization and improve resilience

Updated regulations are making it impossible to ignore the need for a robust data governance strategy. As one of your most valuable assets, it’s no surprise data protection is being taken so seriously.

Take time to understand your organization’s data. Without a good overview of the different sources and data flows across your business, you not only struggle to meet growing data protection requirements and reassure your stakeholders, but miss the opportunity to use data to more effectively operate your business and improve performance.


What is data governance?

Data governance “Establishes principles for the effective, efficient and acceptable use of data” (ISO/IEC 38505 Governance of data).

These 8 principles for data governance are

  1. Obtain and process the information fairly
  2. Keep it only for one or more specified and lwaful purposes
  3. Process it only in ways compatible with the purposes for which it was given to you initially
  4. Keep it safe and secure
  5. Keep it accurate and up-to-date
  6. Ensure that it is adequate, relevant and not excessive
  7. retain it no longerthan is necessary for the specified purpose or purposes
  8. Give a copy of his/her personal data to any individual, on request

“By management ensuring that their organizations follow these principles they will be assisted in managing risks and encouraging the exploitation of opportunities arising from the safe handling and accurate interpretation of quality data.” (ISO/IEC 38505 Governance of data).


Why is data governance strategy important?

Creating a data governance strategy shows commitment from your organization. It ensures you take the necessary due diligence to mitigate the risk of non-compliance and avoid sanctioned heavy fines and potential civil liabilities due to negligence.

By evaluating your level of compliance based on the 8 principles, you can embed robust data governance processes that allow you to manage your data day to day, addressing any issues and reassuring stakeholders. Plus a good data governance strategy makes it easier to access and use your business information to make decisions and adapt operational activities to be more effective.


How can I get started?

Start by understanding what data you hold across your organization with our data workshops. This includes looking at all departments from marketing and HR through to compliance and IT. We review how you collect, process and store this data, including policies, workflows and impact assesments so you can see gaps and put a plan in place to respond.


BSI data workshop

Our data workshops involve:

  • an initial stakeholder briefing on the data goverance principles and any appropriate legislation such as EU GDPR
  • a review of high level critical data flows and identification of your compliance requirements
  • a high level review of existing privacy practices and documentation, including policies, procedures, information registers, dta workflows and Data Privacy Impact Assessments (DPIA)

We will provide a report summary of results so you can see the gaps in the your data governance programme and what you need to focus on to make it more robust.


Data governance verification assessment

If your organization is then interested in a verification assessment, our report from the data workshop will revise the level of effort required for the completion of the data governance verification assessment and map out an assessment plan including

  • What will be covered, including locations to be assessed
  • Who will be interviewed
  • Proposed timings and sampling plan