Navigating Global Data Governance

On Monday 14 January, techUK held a briefing exploring how data governance is managed in companies that operate in a global context.

Speakers included

  • Dyann Heward-Mills, CEO, HewardMills Ltd (A global DPO service headquartered in the UK)
  • Gerard Chan, Vice-President, Legal, Symantec
  • Deahne Baker, Senior Legal Counsel, Marken
  • Kasey Chappelle, DPO, GoCardless

The panel had a wide ranging discussion looking at:

  • The various data governance frameworks and standards being considered and implemented by Data Protectin Officer’s (DPOs), Chief Privacy Officer’s and Privacy Offices;
  • The cross-functional and operational challenges faced globally by organisations and measures taken to overcome them; and
  • Tips on best practice steps required to put your organisation in a defensible position and to leverage good data governance as a market advantage.

Key takeaways

Key challenges and the role of DPOs

Speakers discussed the common challenges faced by DPOs across all organisations. These included:

  • Understanding what data organisations hold, where it sits and where it might go;
  • The challenges around understanding and utilising data from various different legacy systems; and
  • Mitigating against known risk; when escalating a problem is appropriate.

It was agreed that a competent DPO will not just have a good understanding of data flows within a company, but put in place a system by which processes can be implemented around key data checkpoints.

Some attendees suggested that a lot of people see the role of a DPO as inward-facing, however the panel agreed that they should have a key outward facing role, engaging with relevant authorities and organisations. This is in order to ensure good understanding of current trends in regulation and forthcoming changes. It was suggested that an engagement with an external DPO service offers benefits in this regard as DPOs that simultaneously work with a number of organisations will have a more complete understanding of how regulation can be (and is being) applied across sectors.

All speakers agreed that every DPO should look to engage with regulators regularly whether or not they have breaches.

Beyond compliance – implementing data strategies

One key area for discussion was how data governance was not just about data protection and following regulations. Whilst compliance with a myriad of international regulations should be a key aim for any organisation, it should not be the start and end point of a company’s data strategy. Many in the room argued that the General Data Protection Regulation (GDPR), for example, has overemphasised the importance of complying with legal regulations, whereas the fundamentals of data governanceare more important. Speakers agreed that putting in place a strategy which focuses on privacy by design would in fact lead to compliance, whilst at the same time creating an internal framework for good data governance. Furthermore, it was agreed that the majority of international agreements have broadly similar goals, and as such working towards compliance with one will help with others too.

Some speakers outlined how they are approaching this within theirown organisations, with one example being the creation of a Privacy Operating Model. This has seen the creation of a network of ambassadors created amongst a range of employees, who can then flag and filter issues up the chain to the legal and senior management team. It was stressed, however, that each organisation is different and that developing a culture that respects privacy is most significant. What works for one company won’t necessarily work for another.

Effective operations and improving company cultures

Speakers agreed that implementing processes within an organisation to protect and safeguard data are important but also that over emphasising this can lead to a cumbersome and ineffective strategy. Too much process can mean that data privacy becomes a tick box exercise for employees. Processes cannot be as simple a form to fill in or an email to send but something which employees can understand and engage with, seeing the value to both their role and the wider organisation. Ensuring that employees get to that stage is another key aspect of the DPO role.

Where data functions sit within an organisation will also be a variable depending on the company’s purpose, scale and capability. Scale is often an important factor for those companies trading internationally in different regions and jurisdictions as it will often allow for a high capability but at the same time a larger degree of complexity. Here senior leaders should be looking to ensure a relevant and effective team has oversight of the entire organisation rather than placing responsibilities into siloes.

  • Talal Rajab

    Talal Rajab

    T 020 7331 2189
  • Dan Patefield

    Dan Patefield

    Programme Manager | Defence and Cyber
    T 020 7331 2000

Share this


Don't miss our flagship public services conference #techUKSmarterState 2019 on 18 September! Learn about the future…
Sabina Ciofu (@SabinaCiofu), techUK's Head of EU Policy, looks at what new European Commission President Ursula von…
Bookings are now open for #Supercharging 2019! Join us on 06 November in Manchester where we'll be looking at the i…
@craigmelson Programme Manager for Digital Devices, Environment and Compliance and Consumer Electronics, discusses…
@coada Managing Director UK & Ireland @googlecloud discusses how a multi-cloud approach can help businesses to capt…
Guest blog: Sundip Bhatnagara from @AccentureUK discusses how to unlock the trapped value in cloud. Take a read her…
Guest blog: Chris Cook at @Garnet8Ltd discusses how cloud computing can act as an enabler to maximise the value of…
techUK's Associate Director of Policy, Giles Derrington (@G_Derrington), looks at the new report into the impacts o…
As we prepare to leave the EU, we must ensure that the future immigration system reflects the needs of UK businesse…
Become a Member

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...