Capterra IT Management Blog

Software, technology, and management insights for IT professionals

What Is Data Governance and Why Is It Important to Your Business?

Share This Article

0 0 0 0 0 0

Capterra Affiliate Linking Policy

Capterra’s blogs aim to be useful to small business software buyers. Capterra participates in vendor affiliate, referral, and pay-per-click programs where available. This means after a content piece is written by our researchers, our affiliate manager converts existing mentions of vendors into affiliate links where possible and adds PPC links where appropriate. When readers click on those links, sometimes we make a small commission and when they make purchases, sometimes we earn an affiliate fee. That said, we do not accept free products or services from vendors in exchange for mentioning them on the site.

No Capterra blogs or blog posts are sponsored by vendors; further, our writers independently choose which vendors to cover and what to write about them. In fact, most of our writers are unaware of Capterra’s affiliate relationships.

If you have any questions about Capterra’s affiliate policy, including our impartiality or how to get your affiliate links on our editorial content, please email

I’m a fan of getting things done quickly. I walk fast, I talk fast, I drive fast.

But I’ll freely admit that doing something fast isn’t always the best way.

In fact, there are quite a few things out there that are best done carefully and methodically, if you want the best results.

Crossing the street, for example. Even though I walk quickly, I always stop to look both ways first. Given my high level of impatience, imagine how much faster I could get where I’m going if I didn’t have to check for cars every time.

But the fact of the matter is—danger is out there; cars are on the road. And if one hits me, I won’t get where I’m going at all, no matter how fast I was walking.

The same applies to your business.

You could get so much more done if you didn’t have to follow lots of rules and regulations on how you handle your data.

Employees could access data from anywhere. They could share client data between teams in whatever way got the job done fastest. Your tech team could focus on important projects without having to worry about backing up your data.

But danger lurks in the business world, too. Cyber criminals are out there. They want your data. And their techniques for acquiring it are getting more advanced and more harmful.

So how do you protect your business from the dangers of a world that grows more closely connected all the time?

Lay down ground rules for what your employees can and can’t do with your company’s data.

In other words, you step up your data governance game.

What is data governance?

Data governance is the initiative a company takes to create and enforce a set of rules and policies regarding its data. These policies cover issues such as:

  • Assigning accountability to employees responsible for data assets
  • Granting or restricting access to data, as needed
  • Maintaining data in a way that ensures accuracy and consistency
  • Storing your data securely
  • Backing your data up properly
  • Protecting your data from internal and external threats

Basically, data governance rules cover anything you can think of that concerns your company’s data.

If you want quality data that’s protected from cyber criminals and used in accordance with data-sharing laws, you should make data governance a priority.

But the benefits of data governance don’t stop at data security. Data governance can also help with:

  • Preventing data silos, making data accessible (safely) across departments
  • Providing accurate, consistent data through continual data monitoring and maintenance
  • Ensuring compliance with laws that govern data, such as the Sarbanes-Oxley Act or HIPAA

Good data governance just makes sense. And, in some cases, it’s the law.

But implementing data governance policies needs to be a company-wide effort. Your employees access and use data every day, so their jobs will be affected by any new policies you implement. And, when it comes to data security, your data governance policies will only be effective if everyone follows them.

But, because “data” can refer to so many different things, how can you think of all the rules that encompass data usage and protection?

Start by getting the right people involved.

Who’s in charge of data governance?

Authorities on data governance created this hierarchy for handling data governance policies:

Image Credit: Robert S. Seiner, KIK Consulting

If you can take the time to decipher the above pyramid’s meaning, it really is helpful for determining who’s responsible for when governing your company’s data. I’d recommend keeping this image filed away for future reference.

But I know my reaction when I first looked at this was one of confusion. So I’m breaking down the various data governance roles and their responsibilities for you below.

Data governance council

Their role: A data governance council (DGC) is ultimately in charge of high-level decisions involving data. This is the body that will actually create the policies concerning your data.

Your council should be cross-functional, i.e., it should include employees from different parts of your company. This ensures that everyone who uses data is represented. You wouldn’t want your council to create a policy that prevents a particular team from conducting their business efficiently.

Your sales team, for example, probably accesses sensitive client information every day. Someone from the sales team should be involved when new policies related to data access are up for discussion.

And your IT team, especially, should be represented on the council since they’ll largely be in charge of storing, duplicating, and securing your data.

How data governance affects them: Since you’re not hiring a whole new set of council members, the largest effect of data governance for your DGC will be additional work related to data and data policies. If, or when, something goes wrong, the council will need to step in to examine the problem and recommend a solution.

C-suite executives

Their role: Enforcing new policies from the top down and explaining the effect of new policies on your broader business model to your company’s stakeholders.

Those in the C-suite are in charge of broad sections of your organization. If you’re part of a small company, you might already have chosen some of them to serve on your data governance council. But execs from larger organizations might delegate that role to a senior manager or VP.

Regardless, the suits need to know what’s going on with the company’s data, especially as it relates to the overall health of the business.

How data governance affects them: Executives will have to follow the same rules as everyone else when it comes to data, although they’ll likely have a higher level of access than most employees.

They’ll also need a better understanding of data governance, in general, receiving regular updates from the DGC. Because, when giant problems, such as a data breach or a cyber attack arise, those at the top need to know what their role is in fixing the problem and helping to put the company back on track. After all, it’s their management style and business sense that will largely be under attack when your customers want answers.

Managers and team leads

Their role: Two-way communication between the DGC and the rest of a company’s employees is a must. Enforcing new policies on a team level is also imperative.

Managers need to know how data governance policies relate to their teams, specifically. And they need to be able to communicate with the data governance council when certain policies make their team’s jobs more difficult.

For example, say your DGC decided your employees can only access certain client information via your corporate VPN. Employees sign in to the VPN when they log in to their company computers. But your sales reps often work from home and use their own devices to close and update deals.

The sales manager and the data governance council need to work out a solution so that no client data is compromised, but the sales team can still do their jobs effectively.

How data governance affects them: Managers will likely be the first point of contact if a team member either requests a change in data policy or violates one. They need learn how to effectively communicate their team’s needs regarding data in order to convey those needs to the DGC.

Anyone who accesses or uses data

Their role: Actively following new policies and speaking up when a policy makes their job more difficult.

Much like managers, those using or accessing data need to have the ability to communicate their needs.

Going back to my previous example of the sales team, it’s likely that a sales rep will communicate the lack of access to client data to their sales manager.

Plenty of lower-level employees handle data on a daily basis. As such, they have the best idea of what data they’ll need to access, and how they need to use it.

Your tech team, especially, should feel empowered to speak up. If something goes wrong when backing up data or if they notice suspicious activity on your network, they’ll be the first to know.

How data governance affects them: The policies that the data governance council implements directly affects many employees. Especially if they change the way they do their jobs, employees’ needs should be the DGC’s highest priority after data security.

Why you need a data governance strategy sooner rather than later

If implementing a data governance strategy sounds like a hassle, that’s because it is.

It involves lots of planning, changing habits, and pesky workarounds in order to secure data. And if you decide to take data governance seriously, it will take lots of time and trial and error to get policies right.

Ransomware attacks, in particular, are on the rise. These types of cyber crimes specifically target your company’s data. And once these cyber criminals have it, they’ll destroy or delete it if you don’t pay them a certain amount of money.

An average ransom can cost your company about $2,500, not to mention the cost of new security systems.

Small business are especially vulnerable to cyber crime: 43% of cyber attacks target small businesses, and 60% of those that fall victim to such an attack go out of business.

Making data governance a priority is worth it for peace of mind, alone.

Even if you do get hit by a cyber attack, a good data governance council will have planned for that event and provided backup data or even saved money in their budget for ransoms.

And forget about cyber criminals for a minute. Remember that there are laws regarding data sharing and usage. Imagine how much a fine from Uncle Sam will cost your business.

What now?

Now that I’ve talked some sense into you, where do you even start with all the new rules and regulations you’ll have to create?

I’ve drawn up a handy checklist to help you on your way through this complicated process.

What have your experiences been with implementing new data governance policies? Did employees understand and follow new rules regarding data? Did it make your day-to-day job any harder or easier than it already was?

Let me know in the comments below!

In the meantime, you can check out these other data resources:

Share This Article

About the Author

Kelsie Anderson

Kelsie is a writer and researcher for Capterra. She has a background in English and French literature, so she can read pretty good. When she's not reading and writing about software trends, she enjoys reading about literally anything else, dabbling in comedic pursuits, and settling Catan.


No comments yet. Be the first!

Comment on this article:

Your privacy is important to us. Check out our Privacy Policy.