Dynamic Business Logo
Home Button
Bookmark Button

via pixels

Understanding data governance: A 5-step guide for SME owners

Running a business without rules or processes would be total chaos, right? Well, that’s exactly what happens when your data is left unmanaged. For many small and medium-sized businesses (SMEs), the idea of data governance might seem overwhelming or unnecessary. But in reality, it’s the key to making smarter decisions, building customer trust, and streamlining your operations.

Think of data governance as the backbone of your business—a set of clear rules that keeps your data accurate, secure, and ready to drive success. The best part? It’s easier to implement than you might think.

Here’s a simple five-step guide to help you take charge of your data: set clear goals, assign ownership, empower your team, focus on what matters most, and work with your IT team or experts to build a solid framework. Let’s dive in!

Understanding data governance 

Think of your business data as a treasure chest—without proper management, it’s easy for it to be lost, damaged, or stolen. Data governance is like a treasure map, ensuring your data is safe, accurate, and used to its fullest potential. It means knowing who’s responsible for what, like having the finance manager oversee financial data, ensuring consistency across your systems (e.g., customer names are always spelled correctly), and protecting sensitive data by controlling access. Beyond organization, good governance helps you comply with laws like the Privacy and Personal Information Protection Act, safeguarding customer privacy and avoiding costly fines or security breaches. In essence, data governance treats your data as a valuable asset—by setting clear policies, assigning roles, and adhering to legal requirements, your business can make smarter decisions, build trust, and run more efficiently. 

Key elements of data governance include:

  • Policies: Establishing clear guidelines for data use and protection.
  • Roles & Responsibilities: Defining who manages and uses data.
  • Legal Compliance: Adhering to laws like the Government Information (Public Access) Act and Cybersecurity Policy.

Privacy, metadata, and the new legal landscape

As privacy laws evolve, SMEs must carefully manage data, especially metadata, which includes timestamps, location data, and call logs. Although metadata may not always be personally identifiable, it can still raise privacy concerns and face legal scrutiny. To navigate this evolving landscape, SMEs should understand the difference between personal data and metadata, ensure compliance with privacy laws like the Privacy Act 2003 and GDPR, implement strong data protection measures, obtain clear consent for data collection, be prepared to handle metadata requests, and stay updated on legal changes. Regular legal consultation and clear data policies can help ensure compliance and protect privacy.

The case of Grubb vs Telstra recently attracted attention in the Federal Court of Australia, centering on whether metadata qualifies as “personal information” under the Privacy Act 2003. The case began when journalist Ben Grubb requested all personal information related to his mobile phone service from Telstra, including metadata. Grubb requested data such as cell tower logs, call details, and website URLs, but Telstra initially refused to provide the metadata, claiming it was “unidentifiable network data” not covered by the Privacy Act.

The Office of the Australian Information Commissioner (OAIC) sided with Grubb, but Telstra appealed, arguing that metadata didn’t directly identify individuals, thus making it non-personal. In the end, the Administrative Appeals Tribunal (AAT) ruled in favor of Telstra, stating that metadata concerned connections rather than individuals. The Privacy Commissioner’s appeal to the Federal Court was rejected, solidifying the position that metadata is not considered personal information under the Privacy Act.

Purpose of Data Governance Australia (DGA)

Data Governance Australia (DGA) plays a pivotal role in shaping data practices within Australia, partnering with organizations like the Australian Alliance for Data Leadership (AADL), the Association of Data-driven Marketing and Advertising (ADMA), and the Institute of Analytics Professionals of Australia (IAPA). It serves entities that manage data, including Chief Data Officers, Privacy Officers, Risk Officers, and other professionals focused on data security, governance, and compliance.

In the context of the Fourth Industrial Revolution, as described by Professor Klaus Schwab, DGA helps organizations navigate the complexities of rapidly evolving technologies that merge physical, digital, and biological realms. Schwab emphasizes the need for ethical considerations around privacy and security, which DGA supports by guiding businesses through the challenges and opportunities this transformation presents. DGA’s core objectives include advocating for the industry on regulatory issues, offering educational programs to enhance data literacy and compliance, establishing industry standards and guidelines, hosting events for thought leadership, providing research and resources, and fostering valuable networking opportunities. DGA is committed to fostering innovation while ensuring consumer trust in data management, positioning Australia as a leader in responsible data use that benefits society, including vulnerable communities.

How to create a good data governance plan

Set Clear and Achievable Goals

Before diving into technical setups, take some time to reflect on your business’s data needs. Here are key questions to consider:

  • What data does your business handle daily?
    This could include customer information, sales data, financial records, employee details, and more.
  • Who should have access to this data?
    Identify who in your business needs to see and use certain data. For example, sales teams might need customer records, but HR might need access to employee files.
  • How will you keep your data accurate and secure?
    Accurate and secure data is crucial. Think about how you will prevent errors or security breaches (e.g., data entry mistakes, cyberattacks).

To make this more manageable, map out your data landscape. This means clearly understanding who, what, when, where, and why of your data. Once you have a good grasp of these, set specific, measurable goals. For example:

  • “Reduce customer record inaccuracies by 20%.”
  • “Ensure full compliance with data privacy laws by the end of the year.”

Setting these goals gives your team clear direction and measurable milestones to work toward.

Designate Data Owners

In a small business, you may not have a dedicated Chief Data Officer (CDO), but you still need someone to take charge of your business’s data. Data owners are people responsible for specific sets of data within your company. For instance:

  • The sales manager could own customer data.
  • The finance team would manage financial records.

Each data owner is responsible for:

  • Setting the rules for how their data should be handled.
  • Keeping data up-to-date and accurate.
  • Approving any changes to their data.

By assigning clear ownership, you ensure accountability. It helps prevent mistakes, mismanagement, and confusion about who is responsible for specific pieces of data.

Empower Data Champions

While data owners manage the big picture, data champions (or stewards) are the people on the ground who handle the day-to-day data tasks. These individuals are familiar with how data flows through your business and can spot any issues early on.

Together, data owners and champions should form a data governance committee. This group works together to:

  • Review data processes.
  • Define data policies (rules for data use).
  • Monitor the progress toward meeting your data goals.

You don’t need to meet frequently—quarterly or biannual reviews can suffice—but this committee ensures that everyone is aligned and keeps the business on track with data governance.

Define the Scope of Your Data

Not all data is created equal. Your business likely has a mix of important and less critical data. The key is to identify and prioritize your core data. This could include:

  • Customer records (names, contact details, purchase history).
  • Financial data (transactions, profit margins, tax-related info).

These are the types of data that drive business decisions and customer interactions. On the other hand, peripheral data might be less critical (e.g., marketing analytics, demographic details that aren’t directly tied to business operations).

Focusing on core data will help your business prioritize efforts, save time, and reduce complexity. As you review your data, start defining rules around:

  • Data security (who has access, encryption methods).
  • Compliance (following privacy laws, handling sensitive information).
  • Data usage (how data is used and when).

This ensures that your most valuable data gets the attention it deserves.

Leverage Your IT Team or Outsource to Expert

Once you’ve mapped out your data and set some rules, it’s time to create a data governance framework. This is where your IT team or external data specialists come in. For example, if your business uses multiple systems for customer records (e.g., a CRM system, email marketing software), your IT team can help create a master data management system. This system consolidates all customer data into one reliable source, reducing errors and improving data accuracy.

They’ll help you build the systems and processes necessary for managing your data effectively. Some areas to focus on:

  • Data quality: Ensuring that your records are consistent and accurate across all systems.
  • Data lineage: Knowing where your data comes from and how it moves through your systems. This helps ensure the trustworthiness of your data.
  • Metadata: This is information that describes your data (e.g., when it was last updated, who added it, what it pertains to). Use clear tags and formats so data is easier to understand.
  • Data scraping: This refers to gathering external or missing data to complete your records.

Read NSW Data Governance Toolkit here

Keep up to date with our stories on LinkedInTwitterFacebook and Instagram.

What do you think?

    Be the first to comment

Add a new comment

Yajush Gupta

Yajush Gupta

Yajush is a journalist at Dynamic Business. He previously worked with Reuters as a business correspondent and holds a postgrad degree in print journalism.

View all posts