Data Governance: 5-Step Checklist for Success


In May 2018, the General Data Protection Regulation (GDPR) will take effect, requiring all organizations to be compliant. While the principles of accountability and transparency have previously been implicit requirements of data protection law, the GDPR’s legal emphasis on them will be crucial for businesses and organizations operating across borders in today’s digital economy.

How will you balance providing a seamless customer experience with the increasing responsibilities in data privacy and security? 

As we continue to see an increasing number of high-profile data breaches, brands are recognizing the long-term impact: a data breach can lead to a loss of consumer confidence, not to mention massive financial implications.

Vigilance is the key. From the vendors you choose to work with, to the policies and procedures in place, here are five steps to jump-start your data governance strategy and ensure successful integration across your organization.

STEP 1: Due Diligence
Audit data flows to determine who has access and where data is going.

Business Team
  • Identify vendors in use
  • Validate vendor access
  • Review current contracts

Technology Team
  • Audit vendor technology
  • Review vendor policies
  • Remove non-compliant or unused vendors

STEP 2: Data Inventory 

Build a data inventory to understand what personal data your organization collects, where it is stored, how it is protected, and who may have access to it.

Business Team
  • Agree on data sensitivity both from a legal and experience perspective
  • Agree on the data needed to run marketing vs. operations
  • Document data requirements for running the business

Technology Team
  • Document where the data is stored (Customer Data, Campaign Data, Enterprise Data)
  • Ensure that data handling is in compliance with business policies and legal requirements
  • Check vendor integrations

STEP 3: Build Controls
Develop policies and procedures to provide clear and accurate notice of data usage both internally (policy and process) and externally (notification and terms and conditions).

Business Team
  • Verify proper contacts with vendors
  • Create governance policies and processes
  • Update external and internal communication

Technology Team
  • Configure vendors for ‘least-access’
  • Create data audit guidelines and tests
  • Test and audit internally for compliance

* Ensure employee training across the entire organization

STEP 4: Data Governance Panel
Work across the organization to activate against internal processes for both business and technology teams to move forward.

Business Team

Communicates with Technology on:

  • Needs to drive marketing and customer experiences
  • Legal ramifications of non-compliance
  • Expectations of the business on technology

Technology Team

Communicates with Business on:

  • Best practices with access, transmission and storage of data
  • Protects the data and the customer from ‘bad’ players (internal, external, partner)
  • Enables business within reason

Collection Directive

STEP 5: Provide Clear and Accurate Notice
Ensure transparent and explicit consent (opt-in) and communicate usage across the organization, customers and vendors.

Business Team
  • Update Privacy Policy to reflect data usage (i.e. cookie policy, IP usage)
  • Provide means for opt-out across all marketing
  • Communicate with technology on evolving data usage

Technology Team
  • Provide customers with Explicit Opt In/Out
  • Ensure ‘Right to be Forgotten’ and general data deletion directives
  • Communicate compliance changes, or the lack of them, to Business and Vendors

It's everyone's responsibility

In an era when providing a personalized experience is paramount, customer data can be vulnerable to many outcomes. Organizations must be proactive to mitigate the risks that could potentially expose sensitive information. There are five ways to promote an organization-wide tenor of consumer confidence and to ensure that the value exchange of data is safeguarded.

From a vendor standpoint, data should be audited to determine who has access and where the steady flow of information is going. The strategic parameters for your business and technology teams must be defined. Building a data inventory to understand what personal data your organization gathers is essential. Where does it live? Who in the organization has access to that information? And what kind of data is it: first, second, or third-party?

Organizations should develop the policies and procedures that provide built-in controls for the usage of that data once it is defined for each case. Make sure that the vendor is working hand-in-hand with you to reach a level of business expectation that serves the customer experience. What’s in it for everyone? Lastly, ensure transparent and explicit consent for the use of that information and communicate usage across the organization, customers, and vendors.

Learn more about how to make sense of the current legal landscape and how to provide these safeguards to your customers in our webinar: 5 Steps to Building your Data Governance Plan.

Download our Data Governance Checklist: 5 Steps for Balancing Customer Experience with Privacy & Security.
