Last week I gave a webinar on Data Strategy for Data Protection Officers and Data Governance leaders. The topic was the importance of defining a clear strategy. I talked about the need for such a strategy to help navigate the inevitable iceberg question of “how does this role add value”? This is a key issue, not just for formal data leader roles like the DPO and the Data Governance role. It is relevant for anyone who is embracing more on-line ways of working, or looking to do better things in their business (or school, or not-for-profit).

Ultimately, as I’ve been saying for over a decade: everyone is enterprise now. The problems that plague big business and large organisations with information a decade ago are the same problems that will trip up smaller organisations today. The only difference is the margin for error gets bigger at scale.

This topic has also come up a lot in the last few weeks on Data Leader coaching calls with clients. As organisations begin to get back to work, the “new normal” throws up new angles on old data governance challenges.

Icebergs Dead Ahead: The need for data strategy and governance

Organisations of all sizes have gone through a pivot in the past few months that has been significant in scale and impact. Previously sacrosanct business models involving bringing people into one place to produce outputs. We are living in the implementation, and our ship is making great headway across the ocean of change. But there are icebergs on the horizon and we need to start defining coherent data strategies to ensure the ship doesn’t get a hole in it and sink.

These icebergs are both practical and political for data protection and data governance leaders in organisations. The practical icebergs are the ones that we can all largely see and relate to the day to day issues of information management, access control, change control, governance, and technology. The political icebergs are the ones relating to navigating the new world of work where staff (allies and frenemies) are no longer co-located. This leads to key decision makers or influencers being isolated because other stakeholders fear getting an answer they don’t like, or simply because the need to engage the DPO or Data Governance function is overlooked.

There can also be hybrids of this where technology change issues bypass the required governance controls, resulting in inappropriate solutions being implemented. An example of this would be thermal scanners as an infection control measure for Covid.

There are remedies for this problem. One is the introduction of an effective data governance function for data protection. This should clearly set out roles, responsibilities, and accountabilities. The ‘new normal’ will need a clear business strategy on data governance. But that data governance vision has to win hearts and minds by being seen as an enabler of value in the organisation, not a blocker.

So, what can we do?

We need to take the covers off that part of our business strategy and operations that has the label “DATA” on it. Our data, whether about people, products, infrastructure, or content, is an even more critical asset for organisations now as we all work through the Corona-Pivot. It needs to come front and centre. And the data that might be important to achieving your business goals might not be the most obvious. For example, what is the critical data for an online retailer? Customers are important. But you can’t generate income from them unless you have Product. And you can’t manage that properly unless you understand what data you need to ensure compliance with any tax or customs rules (or export restrictions).

What is your BUSINESS GOAL?

As George Harrison famously sang: “If you don’t know where you’re going, any road will take you there“. It is important to be clear on your business strategy and associated goals before you start fumbling with data strategy. If not, you will wind up with “Technology Tactics”. These can often feel like progress, but fail to land a win on your scoreboard.

Once you know your business goal, you can cascade that to some data things you need to be able to do. We call these “Enabling Data Capabilities”. If you don’t have them in place, everything will be, at best, harder than it should be. And, in the process of figuring out what these capabilities are that need to be developed, you may find that your original assumptions about value to be flawed.

For example, we had a client looking to implement AI tools in an elearning context. But their METADATA and MASTER DATA management capabilities were weak. They also had substantial data quality challenges that were actually masked as staff and management accepted them as “the cost of doing business”. AI in that context would have failed to deliver on its promise.

Putting Shape on the Capabilities and your Data Strategy Plan

Boiling the ocean rarely wins you friends, even if the ocean is full of icebergs. Your data strategy vision needs to consider how value will be delivered in the organisation today. But it needs to look forward to value in three to five years. One mistake that DPOs and Data Leaders often make is defining their strategy for the job they have today. What they really need is a strategy to implement the job they want to have in three years.

This is a particular risk for Data Protection Officers. Their role has largely been reactive and mandated rather than being wanted and embraced by organisations. But to fully implement Privacy by Design, the DPO needs to be influencing the strategy and thinking of the company. So, a DPO should be looking at the things that might be coming over the horizon in their industry sector. By looking at future trends you can to start developing strategy for dealing with these things. More importantly, taking a forward looking posture means that DPOs can put themselves in the position of starting the conversations around strategic data change and its implications, rather than chasing the internal rumour mill.

For example, if your organisation is looking to embrace AI or advanced analytics, a DPO might want to sit stakeholders down with this tool from The Leaders’ Data Group .  It might drive some serious conversations about Data Quality and Metadata capabilities. Or if there is a discussion of monitoring of remote workers in the ‘new normal’, perhaps a discussion about the wider organisation culture aspects and the data protection implications might be in order.

Pick One Problem. Make a Difference

When implementing your Data Strategy and your vision for data in the organisation, it’s essential that you pick one thing and start well. Solving lots of small problems frequently is more sustainable in organisations. And it’s easier than trying to push the boulder of large change against the inertia of “we’ve always done it like this”.  Early wins build credibility for the change. And small changes can often have larger knock on impacts.

Take a few days to analyse the pain point you have picked. Take time to understand how and why it isn’t working the way you’d like (the WHY is very important here). Then…

  1. Define one measure for success. What will be different, and how will you know?
  2. Make one change and see does that move the dial. If yes, keep doing it. If no… analyse further and identify the next change.

It could be a DPO shifting from a reactive reporting approach to a structured monthly report that includes an “Industry Landscape” future looking section. Or it could be a small business owner sitting down and making sure they have captured all the possible searchable attributes of products in their inventory so people can find things more easily in their online shop, sometimes a small effort can be the start of big changes.

A practical example that isn’t entirely Data Protection related (for a change)

One of the business challenges any of us seeking to trade online and make ourselves known online will have is maximising our search engine relevance and attractiveness. Over the last 11 years, this site has gone through a series of evolutions, and for a long time (pre-2018) had a “First Page of Google” ranking for “Data Protection”, just behind the Data Protection Commission. That was achieved through content and attention to organic SEO. Today, the market is more crowded.

We need to use the data about the business more effectively. That data is our content, an asset over a decade in the making. We needed to improve how it was managed and presented for search. So, we have spent some time looking at Search Engine Optimisation (a radical technology).

We looked at what was working and what was not. Our previous SEO tool gave us buckets to put things in but didn’t give us any data about how well we were crafting our content. So we changed our SEO plugin. Now we get data on:

  • Readability: or “quality of information presentation” as we call it in Data Quality terms
  • Key phrase usage in text: or “Domain Consistency” as it might be considered in data quality terms.

The plugin provider also has a LOT of educational content. This will help our team learn how to better craft our message. Educating the team on the why of the tool  supports the Human Factors of change. But the data driven insights into our content will be a significant tool for us.

This isn’t rocket science and the changes made aren’t particularly complex. But search engine optimisation is a data strategy building on data management capabilities. It affects a key business goal.

What’s next?

I’ll be talking a bit about this kind of stuff on a webinar with Blacknight, Ireland’s favourite ISP, next Tuesday afternoon.

Castlebridge continues to “eat our own dog food” and work on executing our data strategy to drive excellence in different areas of the business and avoid icebergs on the horizon. I’ll share some tales of that change over the next few weeks and months.