
Why data governance matters

By Team Intertrust


  • Setting data governance policies, roles and responsibilities and instituting processes that ensure data is managed effectively reduces the risk of non-compliance with regulatory and industry standards
  • Streamlining processes for the sake of regulatory compliance also helps organizations to reduce the cost of non-compliance while increasing operational efficiency and preventing data mismanagement
  • Data governance fosters greater data integration, transparency, and visibility to help organizations identify areas of non-compliance as well as opportunities for improvement

A clear strategy is key

Data governance is essential for achieving regulatory compliance because it provides a clear path for meeting legally binding obligations and guidelines. It has become a major focus in the tech, cybersecurity, and risk management industries. Without a data governance framework and a clear data governance strategy, it is difficult to ensure that your organization is properly adhering to today’s complex and evolving regulations.

Why data governance matters

Data governance and regulatory compliance have always been included in risk assessments, especially in industries that handle sensitive data, make products that must meet certain safety specifications, or must meet minimum health standards.

Traditionally, companies only had to worry about government legislation in their own country. With the globalization of trade, the explosion of big data, and the ease of web connectivity, virtually any company that does business online or collects data (even for marketing or analytics) needs a clearly defined data governance regulatory compliance strategy. Without such a strategy, the consequences of not ensuring compliance can be quite stark. For example:

This is why data governance matters, as a lack of it can introduce significant risk to your organization. So, what exactly do data governance and regulatory compliance mean for organizations like yours?

Rules and regulations

Data governance and regulatory compliance laws and regulations affect how organizations can do business. We will focus on several critical areas facing strict rules and compliance requirements: privacy, data security, and the tech sector. There are more than 10,000 regulations in the United States alone that cover the usage and processing of data in various industries, including healthcare and finance.

For organizations conducting compliance audits of their data protection or privacy measures, there are a number of key pieces of data governance legislation to take into account. These include:

  • GDPR: The General Data Protection Regulation outlines the procedures, permissions, and security required for all organizations that process the personal data of EU citizens, even if they are not based in the European Union.
  • NISTR: The National Institute of Standards and Technology (NIST) Risk Management Framework offers a set of security guidelines so organizations can better assess and manage cybersecurity risks. The framework includes 5 key risk management areas: identify, protect, detect, respond, and recover. Each stage is examined and guidance is provided so organizations can establish the processes, resources, and tools to minimize cybersecurity risks.
  • CCPA: The California Consumer Protection Act enforces similar GDPR-style regulations for any organization processing the personal data of Californians.
  • EU Data Resiliency Act: An upcoming data framework for the secure and resilient processing of personal information in the European Union. It aims to facilitate secure data sharing and data portability by ensuring the continuity of data processing operations across the EU.
  • PSD2: The EU’s Payment Services Directive has been in force since September 2019. It introduces data governance regulatory compliance implications for financial institutions such as the introduction of Strong Customer Authentication and secure certificates.
  • HIPAA: A longer-standing compliance regulation governing health insurance, medical records, and other personally identifiable information in the U.S.

Adhering to any of these important regulations using a data governance approach can require major change management within an organization, along with altering business and cultural practices. Operations and technology changes may be required to specifically meet data governance policies and regulatory compliance.

Our expertise in data protection and compliance was part of the driving force behind the development of the Intertrust Platform, our secure data sharing platform. Intertrust Platform helps ensure data governance regulatory compliance by enabling trusted data exchanges and secure collaboration on virtualized datasets between internal and external stakeholders. The Platform’s fine-grained control and audit trails allow for clear policies and understanding of access rights.

Data governance regulatory compliance: Intertrust and E.ON 

Intertrust technology is used across the world to create secure data exchanges between multiple (even competing) organizations while adhering to data governance regulations. One example, demonstrating why data governance matters and how best practice can be deployed in the field, is our work with E.ON in Germany.

When it comes to data protection, the German regulatory environment is one of the most thorough in the world. This has created a particular obstacle for Germany’s initiative to roll out electric vehicle (EV) charging points across the country. In addition, Germany has over 800 distribution service operators (DSOs) which run its grid. Germany’s fragmented energy delivery model and the laws and regulations set out by the BDSG (the German Federal Data Protection Act) create a hugely complex data sharing tapestry.

E.ON uses Intertrust tools to navigate these various complications and enable timely and effective data sharing between multiple partners. Specifically, it developed two apps, one of which allows municipality workers to locate, mark, and communicate about optimum placements for EV charge points. The other app allows network planners to access vital technical data, such as load capacity, proximity to grid lines, and other information to assess charge point viability.

The ease of collaboration while adhering to data governance regulations has allowed E.ON to cut the lead time for determining grid viability from ten hours to five minutes. Intertrust technology enforces fine-grained rules and policies governing data access to ensure all of the operations and processes are compliant. This includes protecting personal data from unauthorized access, using geotags to limit access for workers from one municipality to another municipality’s data, and maintaining an audit trail through securely logging all access requests.

Data governance by design

Data governance and regulatory compliance are major concerns for organizations in the age of mass data collection and usage. Laws and regulations, such as GDPR and the CCPA, have introduced significant risks. They also present opportunities for companies who understand why data governance matters and want to adapt to the new regulatory environment and use it to power positive change in how their organization operates. The benefits of data governance include:

  • Reduce risk and protect the organization from regulatory investigations and fines.
  • Improve clarity over procedures; for example, taking a uniform approach to how data should be stored across all arms of an organization.
  • Expand market share opportunities over competitors who are struggling to ensure compliance.
  • Increase profitability through streamlined communication, reporting, and decision velocity.

Intertrust helps companies build data governance and regulatory compliance into their design processes. We improve collaboration, enhance security, and ensure compliance, making our tools essential for digital-first organizations everywhere. To find out more, read more here or get in touch with our team.
