Data Governance as the Enabler of the Data Economy

In the era of digitalisation, data has emerged as a highly valuable business resource. However, it is rarely treated as consistently and transparently as other business assets. This restricts the access to data assets that stakeholders need to maximise their business value. Despite the growing need for a comprehensive view of data, data governance is still a black box for many organisations. The companies engaging in data governance or in related areas mostly refrain from calling it ‘data governance’ or from attaching a strategic perspective to it. Yet a clear awareness of what data governance is and how it materialises is essential for the respective organisation in order to become more data-driven and hence be able to exploit the potential of the data economy.

Definitions and key factors of data governance

The joint project entitled ‘Data Economics and Management of Data-Driven Business’ (DEMAND) conducted by the German Economic Institute (IW) and the Fraunhofer Institute for Software and Systems Engineering (ISST) defines data governance as follows: Data governance is the framework that forms the basis for dealing with and managing data for all internal and external stakeholders of an organisation.1

To ensure practical relevance, this definition was developed jointly with companies. In contrast to many existing definitions, the concept includes both the individual companies and other entities within a business ecosystem.

Data governance is separate from data management and data operations as can be seen when looking at the system, process and strategy level of an organisation and its data ecosystem (Figure 1):

• On the system level, data architecture defines the technical implementation of the data ecosystem.
• On the process level, data management represents the operational implementation of the data ecosystem within the framework of data governance.
• On the strategy level, vision, mission and strategy define the role of the data ecosystem for the realisation of business activities and goals.

The key function of data governance is hence to ensure data availability and data quality (accuracy, completeness, reliability) for all possible management tasks and operations that contribute to the vision, mission and strategy of the company. The goal of data governance is to ensure interpretability, correctness, completeness, trustworthiness, security, accessibility and traceability of enterprise data in an efficient and effective manner.2

Dimensions of data governance

Data governance consists of several correlating dimensions with sub-dimensions that partially overlap. Figure 2 depicts these sub-dimensions and the questions that the respective sub-dimension intends to answer.

Assets: They present the core of data governance. Data are strategic assets whose quality needs to be ensured. The strategic value of data assets for improving decision-making capabilities and organisational performance needs to be assessed and understood. The value of data that could be shared with or sold to partners to improve performance or directly contribute to revenue needs to be measured. For these purposes, data governance defines how the (economic) value of the data can be determined and identified across the organisation. Data evaluation tools are still in their infancy in many companies. Krotova et al. give an overview of possible methods of determining the value of data.3 Popular methods include those based on market prices, costs and benefits.4

Roles, tasks and responsibilities: Having understood the strategic value of data, the central element of data governance is the definition and determination of roles, tasks and responsibilities. First and foremost, it should be clear who is responsible for the quality of or has ownership of the data. This ownership should be integrated into the data governance structure. It should be understood when, how and to whom to escalate data issues if necessary. Data stewards assure that the needs of the business are met by maintaining business terms, ensuring that data definitions align and monitoring for adherence to policies.

Compliance: Data governance facilitates the implementation of processes and regulations in order to comply with internal as well as external regulations such as the General Data Protection Regulation (GDPR). In particular, data governance sets the stage for securing privacy preferences.

Security: Data governance also defines the processes that ensure data security, among them the data protection against falsification, destruction and unauthorised disclosure to third parties. This is especially relevant in the light of the increasing risk of cyber-attacks and cyber espionage.5

Processes: Data governance entails proper processes for data (quality) management. This includes formalised feedback loops to the source when correcting data errors so that errors do not have to be corrected repeatedly. Relevant processes also structure and classify data, describe how data moves within and beyond the organisation and link business terms to the business glossary. Regarding the data life-cycle management, processes include the procedures for creation, updating, maintenance and deletion of data.

Architecture and tools: This dimension defines the standards for the technical implementation of data processes. The architecture identifies relevant business processes, leading systems, data objects and data flows on a conceptional level. Tools refers to management tools for meta data, master data and the business glossary, for example.

Distribution of data governance implementation

Data governance is a trending topic, as demonstrated by the exponentially increasing number of scholarly publications in recent years.6 Yet it still needs to be more widely discussed and incorporated among companies. Best practices are rare. While 80% of companies in North America have established (30%) or planned (50%) data governance, only 20% of companies in Europe have data governance in place and 48% are planning it.7 A representative survey of 1,104 German companies in the industry and industry-related services sectors conducted at the end of 2018 shows that many companies are still in the infancy stages with regards to the development and implementation of data governance.8

Around 65% of companies either do not yet collect data to a significant extent or have not yet created any structured regulatory framework for data. Internal departmental access and usage rights for available data as well as contact persons for data governance issues exist in only 15% of the companies. Approximately 16% of the surveyed companies are advanced regarding data governance implementation: they have clear rules and policies in place for maintaining and processing data. Only four percent of the companies have defined company-wide data governance rules; the implementation of these rules is controlled in a structured process and the responsibilities for the various data governance tasks are clearly defined. Around two percent of German companies have already professionalised their data governance processes in such a way that compliance with data governance rules is monitored via fully automated IT systems. In general, company size (measured by the number of employees) and the maturity regarding data governance are positively correlated.9

There are 794 of the 1,104 companies surveyed that store at least some data digitally. Most companies of them (89%) have defined access and usage rights in the context of data governance (Figure 3). The process of merging and processing data is also already organised in 81% of the companies with digital data.

A control of the respective rights and obligations takes place, however, in only some of the companies with such rules. Only 56% of the companies with digital data state that they have also stored these rules for the use of data in their IT systems. General control processes for compliance with data governance rules have been introduced in 38%, while violations of the rules are only reported automatically by the IT systems in 22% of the companies.

Compliance thus far the main driver

Compliance is an important driver of data governance, as the survey shows. Three out of four data-storing companies state that they have central internal contact persons who are responsible for compliance with the legal framework. Almost 70% have a compliance strategy. Slightly more than one-third of companies have implemented automated processes in their IT systems that support compliance with legal frameworks.

The fact that data governance has been thus far mostly a compliance issue and not a strategic topic that regards data as an asset is confirmed by other studies, among them Bloemen and Grosser.10 According to this worldwide study, compliance is the main driver for data governance for 56% of the surveyed companies. More efficient data management as well as an increasing number of business-relevant data and analytics use cases are the important drivers for around 50% of companies (respectively, due to multiple answers possible). Especially in Europe, compliance is the main cause of the implementation of data governance (64% of companies compared to 48% in North America and 30% in the Asia-Pacific region). This can at least partially be attributed to GDPR.

Data governance is far more than just compliance, however. It is the enabler of the data economy – ranging from advanced analytics to artificial intelligence – and, as such, the enabler of the future economy itself.

Having data vs. having data available

Data governance beyond compliance sees data as a strategic asset. It breaks the silos of data present at different stages of the business process and in different business units while also making high-quality data available to all business processes and all business units according to their current and future needs and requirements.

The presumption is that data governance succeeds in aligning different requirements (Figure 4). Each business unit and each stage of the business process has different data requirements and target functions that do not necessarily correlate or overlap. Particularly, their target function does not include making high-quality data available to others. They may have differently defined levels of trusted, timely and relevant data (user data requirements). General data quality requirements dictate that the data is correct at the source (errors should not move across the company) and that there are reconciliations and automated controls as well as a documentation. General data quality requirements hence need to be a ‘stand-alone’. Core data governance provides the ownership of these data quality controls, as well as the definition of the data landscape. The data-IT and architectural requirements support these different requirement stages by avoiding parallel flows, recognising a golden source and aligning the architectural strategy.

If data governance manages to align these requirements, it closes the gap between having data and having data available for each stakeholder.

Incentives to establish data governance

Many companies are not yet aware of the aforementioned data requirements ecosystem. An explorative survey among German companies in several industrial sectors indicates that data governance approaches are often limited to individual departments or business units.11 Also, the findings of Bloemen and Grosser show that limiting data governance to specific environments is a common practice.12 This implies that data ownership is confined to one specific business process stage; there are no data owners that are responsible for the entire company and thus for the data quality at all business process stages in all units. A holistic accountability for data quality and the ownership of data quality controls, however, are at the core of data governance and hence the core of a data-driven company.

With digitalisation and digital business models continuing to evolve, it becomes increasingly urgent for companies of all sectors to understand that data governance needs to be company-wide in order to be efficient and effective, and that the advantages of such data governance are not confined to more efficient compliance.

Protection of intellectual property

It follows digitalisation that business models are more and more service oriented. The business term ‘Anything as a Service’ (XaaS) describes that products are offered as a service or as hardware combined with a service. This has direct implications for a company’s data, since these services are based on data. Each data point needs to be flagged according to whether it belongs to the company’s intellectual property or to the service being sold. In a service transaction between company A and customer B, is it the default to transmit all entailed data to B or is there a part of data flagged as intellectual property that stays with A? Data governance is needed to label the data consistently, timely as well as in a transparent and efficient manner. Companies that offer data-based services need to establish a data governance framework in order to be able to protect their intellectual property.

Exploiting the benefits

This, however, is rather reactive reasoning for data governance. Instead, organisations should take a proactive, forward-looking stance on the topic, realising and exploiting the obvious advantages of data governance. Among those companies surveyed by Bloemen and Grosser that have already established data governance, its benefits are undisputed.13 The top benefits include enhanced decision-making support through a better, more effective use of data; creating a unified understanding of data and a harmonised view of all relevant data; creating conditions for data-driven work and thereby becoming a digital company; increasing process efficiency; and building common objectives, benefit concepts and mindsets when dealing with data.

At the same time, making this added value of data governance that manifests itself in such various ways – as the benefits mentioned above show – measurable and hence more perceivable, is very difficult. It would be helpful to be able to measure it as companies would then have a more apparent ‘business case’, because what gets measured, gets done. Having obtained figures about the effectiveness of good data governance, advantages of data governance on the individual level like self-service access to data might become more apparent and employees might realise that data governance is not about onboarding data for someone else.

As a matter of fact, “making the added value of data governance visible” is one of the top challenges to implementing data governance according to Bloemen and Grosser,14 and is second only to the challenge of lacking resources. A lack of managerial support is also a significant challenge. Data governance impacts how organisations leverage data to make decisions. Hence, it is important that the management is aligned and invested in data governance: in short, data governance must be understood by leadership.

Policy incentives to invest

Policy changes could help overcome at least some of the challenges. All in all, there are three viable approaches to incentivise organisations to invest in data governance:

1. Regulatory requirements. GDPR has proven that it promotes data governance. Another possible regulatory requirement could be to include a data statement (possibly including information on data quality) in the balance sheets. Data statements could also be required by law for any merger (or other business transformation). However, the costs for compliance could be disproportionately high for small companies, which is an economically and competitively undesirable side-effect.
2. Tools to measure and monitor the advantages of data governance. The use of successful pilot projects cases would be one way to show how data governance improves company performance. Furthermore, practical tools should be developed and made available for the companies, ranging from initial potential assessment tools to more specific and advanced tools.
3. Financial rewards. Proving the existence of data governance (on paper and in practice) could be rewarded (at least in the short term) by tax benefits or other financial incentives.

As data is a strategic asset, it needs to be treated accordingly starting with proper data governance, which is a practice, not a project.

• 1 The project ‘DEMAND – Data Economics and Management of Data-Driven Business‘, funded by the Federal Ministry of Energy and Economics (BMWi), develops methods, tools and process models to enable companies to participate in the emerging data economy. See O. Aliu, C. Azkan, P. Bresser, J. Bretfeld, V. Demary, B. Engels, J. Fiedler, M. Fritsch, J. Gelhaar, H. Goecke, L. Iggena, T. Korte, A. Krotova, K. Lichtblau, D. Lis, L. Meisel, N. Müller, B. Otto, C. Rusche, M. Scheufen, E. Schmitz, M. Spiekermann, C. Thiele, B. Trautmann: Data Economy, Status Quo der Deutschen Wirtschaft & Handlungsfelder in der Data Economy, White Paper, 2019, DEMAND, available at https://www.demand-projekt.de/paper/DEMAND-DataEconomicsAndManagementOfDataDrivenBusiness(WhitePaper).pdf.
• 2 J. Bloemen, T. Grosser: How To Rule Your Data World, 2018, p. 3, available at http://barc-research.com/research/how-to-rule-your-data-world/.
• 3 A. Krotova, C. Rusche, M. Spiekermann: Die ökonomische Bewertung von Daten, IW-Analyse No. 129, Cologne 2019, German Economic Institute.
• 4 Also see A. Zechmann, K. Möller: Finanzielle Bewertung von Daten als Vermögenswerte. Methode und Anwendung eines nutzenorientierten Ansatzes, in: Controlling, Vol. 28, No. 10, 2016, pp. 558- 566.
• 5 European Union Agency for Network and Information Security (ENISA): ENISA Threat Landscape Report 2018, 2019, available at https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018; and B. Engels: Wirtschaftliche Kosten der Cyberspionage für deutsche Unternehmen. Cybersicherheit als Grundvoraussetzung der digitalen Transformation, IW Policy Paper No. 6, Cologne 2017, German Economic Institute.
• 6 For a thorough analysis, see A. Krotova: Raus aus der Black Box: Die Bedeutung von Data Governance in der Forschung, IW-Report, forthcoming.
• 7 J. Bloemen, T. Grosser: How To Rule Your Data World, 2018, available at http://barc-research.com/research/how-to-rule-your-data-world/, p. 7.
• 8 DEMAND – C. Azkan, V. Demary, M. Fritsch, H. Goecke, T. Korte, A. Krotova, K. Lichtblau, E. Schmitz: Readiness Data Economy. Bereitschaft der deutschen Unternehmen für die Wirtschaft 4.0, Cologne 2019.
• 9 Ibid.
• 10 J. Bloemen, T. Grosser: How To Rule Your Data World, 2018, p. 8 f, available at http://barc-research.com/research/how-to-rule-your-data-world/.
• 11 B. Engels, C. Schäfer: Data Governance in deutschen Unter-
  nehmen, 2019, forthcoming.
• 12 J. Bloemen, T. Grosser, op. cit., p. 10.
• 13 Ibid.
• 14 Ibid., p. 17.