Data Governance vs Data Management: What’s the Difference?

I’m often asked if there is a difference between data governance and data management. The answer is yes — but they are related.

Data governance is a set of principles, standards and practices. They apply to the end-to-end lifecycle of data (collection, storage, use, protection, archiving, and deletion). This ensures your data is reliable and consistent. Data governance:

• Establishes organizational structures
• Confirms data owners
• Enforces rules and policies
• Documents process
• Records business terms and metrics

Data management is the technical implementation of data governance.

Data governance without implementation is just documentation. Data management enables the execution and enforcement of policies and processes for the organization.

My father worked in the construction industry for more than 50 years. Here’s how I described the difference to him. I told him that data governance is the blueprint for a building, and data management is the physical construction of the building. In other words, without data management, there is no physical building. You can construct a building without a blueprint (data governance). But construction will be a less efficient and a less effective activity, with a greater likelihood of problems down the line.

Data governance vs data management can be compared to building blueprints vs building construction.

A blueprint for successful data governance involves people, policies and metrics.

People

People are critical to data governance. Not only are they the ones who create and handle the data — they also benefit from well-governed data. Here are some of these people:

• The subject matter experts in the business. These are the people who can determine standardized business terms for the organization. They can also establish the levels and types of quality thresholds for different business processes.
• Data stewards are responsible for remediating data quality issues.
• IT people are responsible for the architecture and management of databases, applications and business processes.
• Legal and security people are responsible for data privacy and protection.
• Cross-functional leaders, who comprise the governance board or council responsible for resolving disputes between different functions within an organization.

Policies and Rules

If policies define what, rules define how. Organizations use a wide range of policies and rules across processes and procedures; common categories include consent, quality, retention and security.

• Let’s say you have a policy about appropriate use of personal information. This policy states that you must obtain consent for processing before you can use personal information. One rule might define consent options that you use to collect personal data (for billing, marketing or third-party sharing). Another rule might define how you need a customer’s consent before you can send them any promotional offers.

Metrics

What gets measured gets managed. Common technical metrics include things like:

• The number of duplicate records in an application
• The accuracy and completeness of data
• How many personal data elements are encrypted or masked

These metrics help in the technical management of data. But data leaders also try to define how these technical metrics impact business outcome metrics.

For example, days sales outstanding (DSO) is a common business metric. Financial analysts and lenders use DSO numbers to analyze the financial health of a company. If customer address data is incomplete or inaccurate, that will increase the billing cycle time —and lead to an increase in DSO. If DSO is greater than the industry average, analysts and lenders might see that as a sign of risk. And that could lead to a downgrade in the company’s outlook or an increase in the cost of capital.

Now let’s take a closer look at some tools and techniques for data management.

Cleansing and standardization

These are the tools and techniques that help implement and enforce data quality policies. Profiling helps you compare the validity, accuracy and completeness of data against the metrics you set for data quality. You can then fix problems such as non-valid values, incorrect spellings and missing values. You can also embed cleansing rules into data entry processes to enforce data quality at the point of entry. Profiling also helps you identify similarities, differences and relationships between data sources. This makes it easier to remove duplicate records and enforce consistency across sources. You can enrich internal data with external data like DUNS numbers, demographics and geographic data. And many organizations create a centralized hub to help maintain semantic consistency of master data.

Masking and encryption

Use these to implement and enforce privacy and protection policies. Data discovery and classification tools and techniques help you identify and tag sensitive and personal data. You can then use these tags to apply appropriate protection controls to meet internal requirements and external regulations such as General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Depending on classification and access policies, you may give some users access to the raw data, and mask that data for other users. To determine appropriate internal and external distribution protection controls, you can use data flow modeling to understand how your organization collects, processes, stores and distributes data, both internally and externally. For example, data masking may be fine for access inside your firewall, but you may decide that data must be encrypted before you share it with third parties.

Archiving and deletion

Implement and enforce retention policies and manage the complexities of balancing industry retention regulations (such as BCBS 239 and CCAR) with local and regional regulations (like GDPR and CCPA). For example, you may want to archive data when it is no longer actively required for day-to-day operations. But you still need to be able to monitor that data so you can meet regulatory requirements like tax reporting or long-term storage. Data archiving tools can help you:

• Track how long data should be retained; you can set a designated retention period, and then the tool can delete the data automatically
• Index data for easier retrieval for activities like legal discovery
• Enforce appropriate access and controls for data masking and encryption

Yes, data governance and data management are different entities, but their goals are the same. Both help you create a solid, trustworthy data foundation to empower the smartest people in your enterprise to do their best work.

What is data governance?

Explore the relationship between data governance and data management in our eBook, “Reimagine Data Governance.”

Get our step-by-step guide to launching a data governance program in our “Data Governance Program Workbook.”

Download our eBook, “How to Use Data Intelligence to Drive Better Business Decisions”