5 STEPS TO

SUCCESSFUL DATA
GOVERNANCE
Data quality, protection, compliance, and a whole lot more EBOOK
1 Why Focus on Data Governance
2 The Benefits of Control
4 Create Your Data Governance Strategy
7 As Data Proliferates, Iterate

WHY FOCUS
ON DATA
GOVERNANCE?
In the past few years, organizations worldwide have been paying
more attention to data governance. According to “Data Governance
Survey 2017”1, 53% of companies just started working on data
governance two years ago. There are three main reasons for this
increased interest. First, the volume of data and the number of data
sources are exploding—IDC estimates the data created and copied
annually worldwide will reach 44 trillion gigabytes by 2020—and
companies are struggling with controlling and managing it all.2
Second, businesses are facing increased calls for compliance due to
privacy regulations such as the European Union’s General Data
Protection Regulation (GDPR) and the United States’ Health Insurance
Portability and Accountability Act of 1996 (HIPAA). Also coming into
effect on January 1, 2020 is the California Consumer Privacy Act
(CCPA), which PwC calls “the beginning of America’s GDPR.”3
CHAMPION GUIDES
Aside from handling the increase in data and privacy regulations,
survey respondents implementing data governance want to
improve the quality of their data to help them make better business
decisions. And the data is clearly in need of being improved: A 2018
DATAVERSITY report found that 42% of respondents did not have
a high level of trust in their enterprise data.4
Without great data quality, you can’t make smart business decisions.
And without strong data governance in place, you can’t have great
data quality. This ebook presents five steps to building a strong data
governance program and it provides some considerations to keep
in mind along the way. But first, let’s delve more into why you need
strong data governance in the first place.
1

THE BENEFITS
OF CONTROL
Gartner defines data governance as “the
specification of decision rights and an
accountability framework to ensure the
appropriate behavior in the valuation, creation,
consumption and control of data and analytics.”5
However, data governance can focus too much
on rules about what people can and can’t do
with data. The goal should be to empower
people to fix problems and find opportunities.
When executed well, data governance can
provide the following rewards for improving
how your organization handles data.
BETTER REGULATORY COMPLIANCE
Businesses most commonly begin thinking about
data governance when they need to comply with
regulatory policy.6 Examples of these regulations
include GDPR, which changes the way organizations
can collect, store, and transmit the personal data
of EU residents; HIPAA, which mandates privacy
protections for patient health information in the U.S.;
and the U.S. Sarbanes-Oxley (SOX) law, which set
rules for creating and maintaining corporate records
to improve the accuracy of corporate disclosures.
Data protection laws are already on the books or
being proposed in several U.S. states. The upcoming
CCPA, which will affect many large companies doing
business in California, will give Californians the right
to request that companies delete their personal data,
know whether it is being shared and the categories of
companies it is shared with, and maintin the ability to
opt out of having their data sold to third parties. Such
regulations require organizations to be able to trace
their data from source to retirement, identify who has
access to it, and know how and where it is used.
Data governance sets rules and procedures around
ownership and accessibility of data. Without it,
sensitive information can get into the wrong hands
or be improperly expunged, leading to governmental
or regulatory financial penalties, lawsuits, and even
jail time.
CHAMPION GUIDES
INCREASED DATA SECURITY
Along with the proliferation of data sources both
inside and outside enterprises, data breaches are on
the rise. Cybercriminals will steal 33 billion records
annually by 2023, according to Juniper Research’s
“Cybercrime & the Internet of Threats 2018” report.7
Meanwhile, a global study by Varonis found that
88% of companies with more than one million
electronic folders don’t institute appropriate access
limitations to their data, and 41% of companies have
more than 1,000 electronic files containing sensitive
customer data (such as health records and credit card
information) open to all of their employees.8 Those
are data breaches waiting to happen.
Data governance is vital to improving data security.
Like regulatory compliance, data security hinges on
traceability: knowing where your data comes from,
where it is, who has access to it, how it’s used, and
how to delete it. Data governance sets rules and
procedures, preventing potential leaks of sensitive
business information or customer data so data
doesn’t get into the wrong hands. Such leaks can
damage your company’s reputation and cause you to
lose customers and revenue.
2

With insightful data governance rules in force,
sensitive data in databases and systems can be
tagged and managed appropriately. Enterprises can
limit access to that information and also determine
the process for removing a user’s access quickly
and comprehensively. In the event of a breach, the
increased traceability can help you see what was
compromised and where else in the organization
that data is used. If customers request to have all of
their data expunged, a governance framework can
determine all the locations and users of that data.
CHAMPION GUIDES
IMPROVED DATA QUALITY For manufacturers or retailers, data that is accurate
and properly analyzed can improve forecasting and
Data governance also involves oversight of the
inventory projections, thereby increasing revenue
quality of the data coming into a company, as well
and reducing costs that could be incurred from over-
as its use throughout the organization. For example,
forecasting. And in a point-of-sale system, currency
data stewards, who own and manage the data, can
conversion depends on the accuracy and frequency
identify when data is corrupt or inaccurate, when it’s
of the conversion information. Data governance can
not being refreshed often enough to be relevant, or
put business rules in place to ensure that information
when it’s being analyzed out of context. They can
is current and correct.
also identify data that’s in a silo and causing issues,
and set rules and processes that integrate it with The ability to trust data is a cornerstone for data-
other lines of business. For example, if the marketing driven organizations that make decisions based
team can’t access sales information, it might target on information from many different sources. Data
the wrong communications to a sales lead that’s in governance can increase that trust; the key is to
a different part of the sales funnel. In addition, data implement it well.
governance can increase accountability for data,
exposing where errors have been recorded or rules
for inputting data haven’t been followed. All of these
scenarios prevent situations that can lead to missed
or bad business decisions, loss of business revenue,
and increased costs.
3

CREATE YOUR
DATA GOVERNANCE
STRATEGY
The first thing to remember as you formulate a
data governance strategy is that data governance
is not a technology; it’s an organizational
commitment that involves people, processes,
and tools. Here are five steps to applying a
successful data governance strategy that will
enable your business to unleash the power of
your data and reap the rewards.
1. DESIGN THE PRELIMINARY FRAMEWORK
AND ESTABLISH A TEAM
At its root, data governance centers on the people
who build and apply it. So the first step is to establish
a core team of stakeholders and data stewards to do
the preliminary work in creating a data governance
framework. This begins with performing an audit to
identify issues with current data management policies
and areas needing improvement. They can then
design a business case for data governance, define
guiding principles that pinpoint what’s important, and
establish decision rights that identify what decisions
need to be made, who will be involved in making
them, and how they will be made.
CHAMPION GUIDES
Then, the core team can form a Governance
Council that includes executives whose data is
being governed and stakeholders from all parts of
the organization to ensure rules and procedures
are cross-functional, which is a requirement for
compliance. The council should clearly define roles
and requirements: Who will own the program or
implementation? Who will own certain types or areas
of data? Who will own the policies? How will policies
be enforced?

1 2 3 4 5
Design the Preliminary Define Requirements Assess Available Tools Identify and Address Execute
Framework and and Policies and Skills Capabilities and Gaps
Establish a Team

4

2. DEFINE REQUIREMENTS AND POLICIES
The next step is to define the problems you’re looking
to solve through data governance. Is it better regulatory
compliance, increased data security, improved data
quality, or all three? Within those broad areas, what
are you attempting to achieve with your data?
Here is a list of examples:
• Provide access to more users.
• Create more transparency about the flow of data
through the organization.
CHAMPION GUIDES
3. ASSESS AVAILABLE TOOLS AND SKILLS
Does your organization have the skills and tools
needed to execute its data governance program?
You’ll need people with skills in data modeling
and architecture, business analysis, program and
project management, database administration, and
report development. You’ll also need tools for data
modeling, data cataloging and management, data
movement (for example, a data pipeline), data quality
control, and data reporting and analysis.

• Increase the accuracy of external data.

4. IDENTIFY AND ADDRESS CAPABILITIES
• Determine what your rights are for using the data. AND GAPS
• Remove a data silo and integrate the information Once you’ve assessed what you have, you’ll need to
into other parts of the organization. figure out how to fill the gaps. You can fill gaps by
• Create a central source of truth for data. purchasing tools and hiring in-house specialists or by
• Restrict sensitive information. using partner tools and third-party specialists.
• Track and categorize the sensitivity of data
(nonsensitive, sensitive, or extremely sensitive).
• Establish a set of rules for deleting data.
• Revoke an employee’s access to data upon
job termination.
• Institute a set of data rules for a government
compliance audit.

After creating your list, establish your priorities and

start with those first. Identifying and restricting
sensitive information is often a good place to start,
for compliance and security reasons.

5
 CHAMPION GUIDES
5. EXECUTE An important data modeling tool is a centralized
metadata repository, which stores descriptive
You’re now ready to inventory your data: What
information about the data model used to store
data do you have, and where does it reside? Who
and share information about your data, such as its
has access, and how do they use it? Companies
meaning, source, and relative quality. A centralized
often start with data modeling, which involves “the
metadata repository will help you locate and secure
use of diagrams, symbols, and textual references
your most sensitive data. It will also help you
to represent the way the data flows through a
understand and manage the lifecycle of your data so
software application or the data architecture within
you can ensure its proper disposal at the end of life.
an enterprise,” according to DAMA International, an
independent, nonprofit global association dedicated
to data management.9

Figure 1: An example of a data warehouse data model using JSON 3NF.

6
 CHAMPION GUIDES
AS DATA
PROLIFERATES,
ITERATE
As your company’s data grows, you will need to
continue to establish rules and procedures
around its governance. Data governance is not
just a project you can launch and then wrap
up in an 18-month period. It is a continuous
organizational commitment that needs to grow
and adapt to new compliance, business, and
security challenges. Creating a permanent data
governance team and structure to meet those
challenges will help ensure the future success
of your organization.

Learn more about how Snowflake inter operates

with a variety of security and governance tools.

7
 ABOUT SNOWFLAKE
Snowflake is the only data warehouse built for the cloud, enabling the data-driven enterprise with instant
elasticity, secure data sharing, and per-second pricing, across multiple clouds. Snowflake combines the
power of data warehousing, the flexibility of big data platforms, and the elasticity of the cloud at a fraction
of the cost of traditional solutions. Snowflake: Your data, no limits. Find out more at snowflake.com

© 2019 Snowflake. All rights reserved.

CITATIONS
https://ciowatercooler.co.uk/resources/DataGovernanceSurvey2017.pdf
1

https://www.emc.com/leadership/digital-universe/2014iview/executive-summary.htm
2

https://www.pwc.com/us/en/services/consulting/cybersecurity/california-consumer-privacy-act.html
3

https://s3.amazonaws.com/external_clips/2956460/7_74342_TrendsinDataGovernanceandStewardship_final.pdf?1547483532
4

https://www.gartner.com/it-glossary/data-governance
5

https://ciowatercooler.co.uk/resources/DataGovernanceSurvey2017.pdf
6

https://info.varonis.com/hubfs/2018%20Varonis%20Global%20Data%20Risk%20Report.pdf
7

https://www.juniperresearch.com/document-library/white-papers/cybercrime-the-internet-of-threats-2018
8

https://dama.org/content/what-data-modeling
9