Understanding data and analytics maturity: A focus on Data Services and Compliance
In previous articles, we have discussed several important aspects of our data & analytics maturity model and how they contribute towards successful transformations. In this article, we will be addressing possibly the most fundamental aspect of maturity: the ability to maintain compliance across data services.
Compliance is key
As with all technology programmes, compliance is always a complex challenge for any organisation of a significant size. As organisations become digitally native, new data sources are managed and leveraged to produce increasingly complex solutions. This can cause difficulty as new solutions are continuously and dynamically modified to support new use cases and objectives.
Keeping on top of what is happening with the organisation’s data - and how it is being used in increasingly ‘black box’ solutions that are highly abstracted from the source of the data - is complex even in normal circumstances. Combined with the move to federated delivery models, this challenge has to be an acute area of focus when embarking on a data & analytics programme.
Start by considering the myriad of risks that organisations are confronted with today and the types of technology, capability, governance, and policies that will be required to manage these in future:
The regulatory requirements of GDPR, requiring vigorous control and visibility of PII data;
In financial services, BCBS 239 requiring end-to-end visibility of the risk reporting process;
Ethical risks arising across the organisation from the adoption of AI & ML at greater scale;
Data sovereignty regulations, such as those affecting NHS data or the Cybersecurity Law of the People's Republic of China (2016). These regulations place huge demands on the protection of ‘key information infrastructure’ and restrictions on the movement of sensitive data.
Identifying ethical risks
In a recent article, we recommended that as part of changing your organisation’s culture, you need to elevate and champion the importance of data ethics. In another associated article, we discussed how the ethical risks of using advanced analytics during the Covid-19 pandemic have been heightened due to the urgency, pervasiveness, and ambiguity of efforts that employed sensitive personal information. We recommended that organisations adopt principles centred on accountability and transparency.
With a rise in ethical and regulatory scrutiny, as well as the complexity of modern analytical solutions, it is imperative that all staff who interact with your data have the tools and support to identify and manage ethical issues throughout their project lifecycles or as part of BAU activities.
To support this, we recommend that you develop approachable ethical frameworks or guidance to support your colleagues in navigating risks, improving project quality, and increasing management trust that ethical and regulatory risks are being managed over the long-term and across all critical initiatives.
Open by default
Compounding this challenge is the rising trend of open data, which assumes that all enterprise data should be ‘open by default’ and that data management principles and solutions should reflect this. This is becoming particularly popular at a national and international level, such as in the Energy industry, where open data is key to the realisation of the ‘three Ds’ - Digitalisation, Decentralisation & Decarbonisation.
This trend is already resulting in a total rethink of existing security and compliance paradigms as organisations overcome the fear of greater openness and the use of globally distributed cloud services in a world of heightened compliance and trust issues.
To manage such conflicting trends, we urge organisations to define robust data strategies with robust approaches to governance and a clear vision of the look and feel of the future organisation. This will help to drive the execution of greater compliance through strategic direction. In particular, your data strategy should provide your organisation with purpose and limit ambiguity by simplifying the complexities involved in achieving compliance.
While traditional approaches to governance – for example, standing committees and word documents - are still essential, what your colleagues want most is practical support embedded into what they are doing. Developing ethical frameworks is not particularly helpful if your colleagues don’t adopt them.
Connecting back to our thoughts on culture and DataOps,we discussed overcoming this challenge through DataGovOps and Agile Data Governance practices - applying a 'governance-as-code' approach, as well as providing continuously operationalised governance.
In order to achieve compliance, focus on providing direct support to business-led delivery teams, bringing guidance and impactful advice to deliver real-time benefits. This will allow you to make use of budding internal communities to not only define best practices but also to provide practical expertise through regular business engagement throughout business-critical programmes.
DataGovOps and Agile Data Governance will ensure that compliance requirements are widely known and achieved by implementing practices into delivery and focusing governance activities on value. .
Use a data strategy to unearth the myriad of regulatory and ethical risks that your organisation will likely face, as well as the technologies, capabilities, governance, and policies that will be needed;
Understand how open data could potentially affect your organisation and its critical data assets. Consider how you might realise ‘open by default’ attitudes towards data, all whilst ensuring that data protection principles are maintained through a combination of people, process, and technology;
Champion data-centricity through DataGovOps and more value-focused, agile modes of governance, driving best practices into font line teams and catalysing innovation. Also, consider how modern architectural paradigms like the Data Mesh can also drive ROI.
What to expect in our next article
In our final instalment, we discuss the role of data services, such as data quality, in helping your organisation to achieve greater maturity in data & analytics through robust underlying capabilities.
If you have any questions relating to the topics discussed in this blog or would like us to help you assess your data maturity, please get in touch with one of our experts.