Where an organisation’s data includes Personal Data, strong Data Governance is also part of its legal obligations in its role as Data Controller for the information it holds. Strong Data Governance ensures that the organisation is compliant with its legal responsibilities and can evidence this compliance.
Processes and controls ensure that data is properly managed across its life cycle, and that it is properly maintained and monitored to reflect the situation it was created to record. They ensure that data is only accessed by the people who should access it, and for the legitimate purposes that have been defined.
Policies and standards define the framework of rules and guidelines by which an organisation’s staff are trained and measured, and how security controls should be applied. They cover everything from Data Quality Standards and access controls to legitimate data usage and how data should be protected.
Roles and responsibilities define who accesses data and who makes decisions over it. Key roles such as Data Controllers and Data Stewards are described as the management reporting lines. The hierarchy of decision-making is defined, along with the various forums that they run to make decisions and assign actions.