Data Governance

The 10-Step data governance checklist for success in 2024

What are the key steps for data governance in 2024? In this blog we give you a detailed data governance checklist to help you build a data governance program and find opportunities to build a career in data.


Data is reshaping our world and defining new business possibilities, but managed haphazardly, it could herald unprecedented regulatory and operational challenges for an entity. If you are looking for an example of how much data shapes our lives and tells us about our activities, look no further than your own phone. The vast amount of data generated is in unstructured form, which means that to extract valuable information from it, certain operations must be executed.

If one is aiming to be data centric, that is, to have decisions backed by data, then effective data management becomes a top priority. You need to ensure that the process of generating the data and its outcome are of high quality and consistency, so that you are able to trust the decisions you derive from it.

This is where data governance comes in. Data governance is to data management what audit is to financial management: the latter involves execution, while the former is more concerned with the processes around oversight.

Formally, data governance can be summarized as the process of defining principles, policies, frameworks, metrics and oversight to manage one’s data assets at all levels within reasonable costs. 


As organizations grow, the collaboration around data governance should be formalized and integrated into the organization's governance structures and communication pipelines.

The key focus areas when we think of data governance transformation are:

  • Governance – this relates to the policies, procedures and standards that are critical to promoting effective management of the full list of data that the organization possesses, including that of clients and third parties
  • Personnel and training – these are the key competencies and the job descriptions that define the roles of the staff involved in key data management activities (responsible party identification)
  • Data lifecycle and ownership – from data sourcing, ingestion and filtering, through processing, encryption, anonymization, storage, backups, continuity and controls, to data security at rest and in transit
  • Privacy and security – this involves data access privileges, secure networks, data loss prevention tools and encryption
  • Compliance – local and international regulations that define the standards for processing data. Note: regulation around data analytics does not mean analytics is limited; rather, it implies that the whole structure must be properly and deliberately governed within the confines of existing law and regulation.


For a long time, the practice of data management has been the focus of IT departments and DBAs within the organization. Only recently are we seeing the shift to independent analytics and data management departments that have exclusive roles that do not overlap with those of the IT teams. Visit data-governance to learn more about the different roles in the data governance space.

Below are some of the key reasons organizations fall short on data governance: 

  • The uniqueness of data as an asset and inferred challenges of valuation; key decision makers have no clear sight of the return on investment that data governance portends and the risks associated with poor quality data.
  • Fluid business environments; data governance frameworks have not evolved in tandem with the demands of an uncertain business environment.
  • Lack of buy-in from top leadership; data governance is not accorded significance in board and senior management strategy meetings.
  • Personnel and culture; the data governance process is cross functional and requires a horizontal perspective as well as a culture shift. These, coupled with the diverse skills required for effective implementation, eventually lead to failed efforts.


Why do we need a checklist, you may ask? It helps us keep track of each step and not skip major considerations in the data governance journey, as well as evaluate success post implementation. Every organization is unique and thus has a different set of planning considerations; however, this checklist highlights some of the items that should not be missed in the data governance conversation.

Step 1: Define a clear path to operationalizing data management activities and objectives

Not all possible controls must be implemented, as this would be inefficient. An organization therefore needs a risk management process to proactively identify unforeseen risks, champion continuous compliance and minimize the limitations that abound. At a broader level, the objectives of a clear data management strategy are:

  1. Enabling regulatory compliance 
  2. Improving efficiency 
  3. Promoting desirable change towards a future state of standard processes
  4. Supporting dependable and frictionless decision making

It is important to note that the objectives of standardizing data governance may be more than those listed above, depending on the focus of the program and the strategic objectives of the company. These may touch on infrastructure changes and the existing company culture.

Step 2: Perform a readiness assessment

This covers how the organization uses its data to further its strategic objectives in the current state and where it wants to pivot in the future, its capacity to change and the potential resistance points that need to be ironed out for a successful rollout, and the readiness of units to collaborate at both a technical and a non-technical level. This is key to determining whether a data management program is sustainable beyond the implementation phase.

Step 3: Develop the goals, principles and policies

Standard policies and procedures cutting across the different dimensions of data governance are the crux of a strong data governance regime. These need to be developed with keen interest in the long-term sustainability of the proposed standards, from resource requirement and staffing capacity perspectives. Once they are in place, the circulation of and access to the said policies should be prioritized.

The policies, procedures and standards must include:

  • Data Inventory management guidelines
  • Data Transmission, Reporting and exchange protocols 
  • Data collection and retention guidelines in line with the local regulation 
  • Data Privacy and records management 
  • User data access, data security and data breach incident response protocols.

Defining metrics for success is also critical in ensuring the established standards are adhered to and improved. The outcomes of this step should be clear cut and trackable, and should speak to, for example, the amount of effort saved in addressing data quality issues, regulatory issues avoided, bottom line impact, and reputational issues avoided, e.g. employee trust issues resulting from HR data leakage, patient issues with confidentiality, etc.

Step 4: Assess regulatory and compliance requirements

This is one of the key reasons for implementing data governance, thus the organization must be keen on getting it right and it must be a continuous exercise. For instance, compliance with GDPR should be a top priority for multinational organizations or organizations operating in European jurisdictions. GDPR is an EU Data Protection Regulation that came into effect in May 2018 and dictates how organizations must handle PII (Personally Identifiable Information), what rights the data subjects are accorded, and what data controllers must do when collecting and processing personal data. Locally, in Kenya, we have the DPA (Data Protection Act 2019), which is based on the GDPR and has seen an accelerated rollout in the past months since the appointment of the Data Protection Commissioner Immaculate Kassait.

Step 5: Data asset valuation

Data is increasingly becoming useful and its applications are diverse, some of which are: controlling risks, achieving operational efficiency, informing new product rollouts, client centricity, etc.

Much as it is still in the evolution phase, the widespread adoption of data as an asset that is reported in organizations' financial statements is something that we expect to see in the foreseeable future. Data is often underutilized because of challenges with its value, quality and ease of use. Data in itself is therefore an asset with unique properties whose value should be expressed in financial terms, as is the case with all other assets. Without this, it is hard to measure just how much it contributes to organizational success, and consequently how much effort and resources need to be dedicated to augmenting it.

Some of the unique properties of data as an asset include: 

  • It presents a risk, much as it can be of value
  • It is intangible, hence it can be duplicated or stolen but still exist
  • Its value is temporal, that is, its value changes as it ages; this can go both ways
  • It can increase exponentially in volume without corresponding increase in value 
  • It can even be used by multiple users concurrently

Step 6: Develop a business glossary with clear and standardized definitions

Malcolm Chisholm, in his book Definitions in Data Management: A Guide to Fundamental Semantic Metadata, posits that it is particularly important to have clear definitions for data, because data represents things other than itself. As with many aspects of an organization or industry, different vocabulary is used to refer to similar things internally, which might not necessarily be standardized.

Having standardized definitions across the organization enables:

  • a common understanding of the core business concepts, 
  • reduced risk of inconsistent use and misuse of data,
  • improved integration between the organization's technology systems,
  • enhanced search capability as well as faster access to information within the organization's repositories.

The list of terms and definitions should be accompanied by associated comprehensive metadata.

Step 7: Assess the risks

What are the risks associated with implementing or not implementing a data governance framework? For each risk, a likelihood and impact value needs to be quantified and mitigation measures set. Some of the common risk categories are:

  1. Data risks – These involve risks that are specific to the data as an asset and can encompass data quality, data security, data architecture, data retention, availability, etc.
  2. Legal – Which data privacy and protection laws do the project components touch on and what industry frameworks does the organization need to comply with. 
  3. Ethics – The ethics conundrums that may arise from certain products and unintentional harm that the project portends to broader society. 
  4. Business – for example market shifts, reputational damage
  5. Strategic – for example missed opportunities in leveraging data capabilities as a competitive advantage 
  6. Resources – for instance human resource turnover due to ineffective change management 
  7. Technical – e.g. legacy systems integrations, modeling and data ingestion mishaps, compute availability.

The final step in this involves coming up with a risk register, which acts as a guide and is essentially a documented repository of the identified risks, the perceived risk levels, the likelihood of materialization and the impact, as well as current or proposed mitigation actions. Check out the free template risk register from lightsondata.

Step 8: Responsible party identification

Getting buy-in from leadership, articulating the apparent benefits that are realizable with such an investment, being transparent with staff in their roles and defining the key process owners are key steps in ensuring you have the right people with the right mindsets for the right roles. Key to note is that data protection is a cross-discipline subject and thus would require the involvement of every department in the organization, since the process owners are usually more familiar with the risk and mitigation strategies that will be effective in the long term. A diverse risk identification and assessment team can be key to staying ahead of the line in compliance and implementation. The different roles that need to be filled, depending on the size and complexity of the organization include Executive Sponsor, Data Governance Lead which could be the Chief Data Officer or Information Security and Compliance head, Data Governance Council, Data Owners, Data Stewards and Data Custodians. At this stage, you may also consider outsourcing some of the activities. 

Step 9: Develop workforce skills and capabilities internally

Staff involved in the process come from many and diverse backgrounds, and it might be their first time implementing such a full program. You therefore need to ensure that professional development opportunities, in the form of workshops and online material, are accessible to enable them to build foundational and specialized skills. A skills roadmap should detail the role descriptions, skills and relevant data management activities that staff are expected to undertake on a regular basis.

Step 10: Monitoring and integration

Data governance progress must be measured continuously against the company's strategic objectives and be a part of every process.


Technology can be a great enabler, but it can also present equally great challenges. As you have seen, the increased use of online services and the generation and processing of personal data have led to the need for frameworks that guide what organizations, governments and persons can and cannot do with data. Consequently, businesses have been keen on revamping their data governance functions and integrating them across other functions. However, this has not been a home run and is still marred by challenges.

As a business, you might be starting out in terms of checking off the boxes in the above list, or already be deep into the journey. Nonetheless, data governance should be a priority and should be budgeted for sufficiently, to ensure that associated risks are well mitigated and that the key opportunities inherent in data, which are key to keeping an edge over the competition, are not missed.

As an aspiring data management professional, you have hopefully seen the gaps that need to be filled, in both technical and non-technical roles. You can now easily chart your path based on your interests and career goals. To learn more about the paths that fit in the data governance space and the nuanced skills required in each, explore other blogs in our Zindua page. To learn about Zindua School and our technology programs, visit


  • Read more on GDPR here 
  • Read the step by step guide to developing a data privacy risk register here
  • Conducting Data Privacy risk assessment here
  • Involving change management in data governance rollout here
  • APRA CPG 235 – Data Risk Management 
