As outlined in the discussion on developing a data strategy, the journey to becoming a data-driven organisation begins with a clear vision, practical objectives, and strong frameworks. Data governance plays a critical role in this transformation. Whether or not the data strategy has been finalised, the responsibility to protect and govern data is a priority that must be addressed immediately. It is for this reason that data governance is seen as central to being data-driven and using data effectively.

Data governance aims to ensure that data, especially personal data, is valued by being well-defined and understood, is accurate and of high quality, accessible for appropriate use and is well protected. Data governance should be applied consistently throughout the organisation and is not purely the domain of data specialists.

For data governance to be implemented successfully, several foundational and operational aspects must be addressed.

1. Conduct a capability maturity assessment

Often a good starting point for data governance is to conduct a maturity assessment. A data capability maturity assessment is a structured evaluation used to measure an organisation’s maturity in managing and using data. It assesses how well an organisation collects, stores, processes, analyses and governs its data to support business goals. The results of the assessment and associated recommendations can be used as a basis from which to drive improved maturity and act as a catalyst for implementing data governance.

2. Develop a data governance framework

A data governance framework provides the blueprint for the implementation of data governance and describes the primary components of the programme. Some of the aspects considered in the framework are:

• Alignment with the organisational strategy, mission and objectives
• Purpose and benefits of data governance including risks and risk mitigation
• The data governance structures, forums, roles and responsibilities, including data ownership and stewardship. This should include practical details on oversight and operation of data governance practices within the organisation (see point 3 below)
• Supporting policies and procedures, including compliance requirements and regulatory frameworks associated with data governance
• Metadata and data quality management
• The intersection between data governance, data protection and privacy, security / cybersecurity and information risk management (including compliance and audit functions)
• Measurement – how to measure the effectiveness of the data governance programme
• Communication, training, awareness and change management

3. Assign roles and responsibilities within the organisation

The roles and forums described below do not necessarily require creating new positions or adding headcount, although this may be required in certain larger, data-rich organisations. The functional roles should be adapted and applied as practically as possible according to the organisation’s capabilities– a key aspect of the RED programme guidance is to assist organisations in applying these principles as practically as possible. The objective of defining a framework and roles documentation to set out this practical application and assignment of roles within the organisation.

A detailed definition of each of the structures, forums, roles and responsibilities, and terms of reference should be documented. (This may be done as part of the framework, but ideally as a separate document to avoid the framework becoming bloated and difficult to read and maintain).

Some of the roles to be considered are:

• The executive forum, often called a Data Governance Council, Data Governance Steering Committee or similar is represented by executives across all business areas and is a function of the executive or board. It provides oversight, sponsorship and support for data governance. It is chaired by the head of the organisation or an assigned executive head of data governance. Members of this forum are often termed Executive Data Owners as they will own data governance implementation in their area of oversight.
• Data Owners – ownership for data resides, not with the technical area (IT) of the organisation, but with persons responsible for making decisions through the use of data. Consequently, data owners are typically mid-level or divisional managers, process owners and the like. They are responsible for supporting data stewards and ensuring that data value is optimised through careful and
• Data Stewards interact with the data on a daily basis. They ideally drive quality and understanding of how data flows and is stored and what the technical (IT and Analytics) teams need in order to produce the required outcomes for business decision-making. Although they would not be expected to fix data quality issues, they should assist by analysing the root causes of poor quality. Data stewards are seen as the engine that drives data governance.
• Subject Matter Experts. Data stewardship cannot function effectively without the support and assistance of subject matter experts in the technical data management functions (including database administration, data engineering, business intelligence or data science, etc.).
• Depending on the size of the organisation, the following functional forums may be constituted:
  • Data Governance Office to guide the implementation of data governance in the organisation. In GoR institutions, it is anticipated that RISA, along with its CDOs appointed to each ministry or agency, will provide this capability.
  • Data Governance Working Group(s) meets regularly (often monthly or bi-weekly) and is normally aligned to a functional area or domain. It comprises the Data Owners and Data Stewards, chaired by a data governance lead and discusses current activities, any issues or challenges and then shares knowledge on the best ways to address different aspects related to improving understanding and quality of data.

4. Identify and define internal policies, procedures and standards required to support data governance

Data governance provides oversight of data based on internal policies and procedures. It is therefore essential that key policies and procedures that support data governance are defined, and that staff are made aware of these policies and procedures as well as the associated standards. Where these policies do not exist, they will need to be developed and written up.

5. Create an implementation roadmap

An implementation plan should be developed that sets out both short- and medium-term objectives for that data governance programme. Recommendations from a maturity assessment can be used to inform this plan.

It is essential that the plan be realistic and practical, we recommend defining one or more specific use cases to pilot the implementation of data governance and the data strategy. These can be done as 3-6 month projects under the overall umbrella of the data governance programme and can then allow for establishing of roleplayers, clearly defined objectives and measurement of success. The experiences gained from these use-case implementation pilots can be used to enhance further implementation of data governance and data strategy.

6. Create the alignment between data governance, privacy (data protection), security and information risk management

Data governance, of necessity, addresses personal data and areas of risk. It also relies heavily on adequate security. It is important, though, not to overextend the reach and capabilities of the data governance programme. Therefore, a rationalised approach is recommended, where the data programme relies on and leverages capabilities in these other areas to the best effect.

These ‘hand-over’ areas must be clearly defined so that the expertise in each of these areas is respected and contributes to achieving optimal value from data assets while ensuring compliance and managing data risks.

The Capacity Development workstream of the RED2 programme plays an important role in helping organisations get value from their data to leverage data-driven decision-making to the best effect for the Rwandan economy.

If you would like to learn more about our capacity development initiatives, please contact Angelos Munezero.