Master Data Management: Governance – Data & Compliance

In a previous blog post in our MDM series, we discussed how master data is collected, modeled, cleaned, quality assured and shared for operational and analytical purposes. In this blog post, we will talk about how to ensure that the data you share in your organization lives up to your internal data rules as well as some of today’s compliance requirements, such as GDPR.
August 17, 2021 twoday kapacity

It is typical of MDM projects that a great deal of effort goes into preparing, cleaning and tidying up master data while the project is in progress. Often, however, companies fail to ensure that all this good work is maintained after the end of the project. This is where your Governance should come into play. Governance must strike the right balance between restricting what individual employees can do and change, in order to avoid mistakes, and giving them the freedom to act quickly and be efficient in their work processes.

Data, definition and rules

In addition to creating the necessary system support and work processes to be effective in your MDM, it is also important to establish some rules for data so that the workload of cleaning data decreases over time. Data rules help to ensure that standards, formats, content, etc. are complied with. Some of these data rules also form the basis for the quality measurements that you set up in accordance with your data quality management framework, which we discussed in the previous blog post about quality measurement & overview. The data rules make it easier to collect and report data according to a common standard and make data "speak the same language", no matter where in your organization they are used. Your data governance can therefore help you to be consistent and enforce the integrity of data.

Data access and use

When you collect and share your master data across systems and organizational boundaries, you also need governance over who can create, edit and use the data. Data access and data use must also be seen in the context of the level of rights in the various systems that contain master data. A rights matrix gives you an overview of write and read rights in the individual systems, as well as who in the organization has which rights. In addition to write and read rights, an overview of which systems act as "system of entry" (i.e. systems where master data is created and updated) and which act as "system of record" is also relevant knowledge when quality problems and breaches of data rules must be debugged and explained.

Data security and privacy

One of the major themes within data security and privacy in recent years has been compliance with the GDPR. The GDPR entered into force on May 25, 2018, and companies have since spent a lot of resources preparing for and complying with the new requirements.

The primary principle behind the GDPR is that personal data is considered to be the property of the individual, and not of the data processor, which means that everyone should have control over who collects their personal data, when it is collected and how it is used. For a company, this means that there have to be documented processes for how data is collected and handled, and the company must also delete the person-sensitive data if a customer requests it. The GDPR thus also affects your MDM, as master data often contains personal information in one form or another.

So, what is the approach to complying with the GDPR? We know that the following are required:

  • A statement of consent that a customer can approve when giving the company his/her personal data, for example when purchasing a product or service, including whether they allow marketing communications in this connection

  • A place where the consent form is stored and where it is clear that the customer has given permission for marketing communication

  • A strategy that ensures that data is updated and deleted when it is no longer in use

  • The integrity and security of data must be ensured - only people with an active need to be able to see data must have access to it

  • A way in which the company can send all registered information about a person if the person requests it

  • If a customer, former employee or other person wants their data deleted, the company must be able to delete all information or mask it if there is a reason to keep it

The above can be a handful for many companies. It requires coordination of master data and personal data, which most people still do not have. If you do not have control over your master data, then you also lack control over the internal policies that the GDPR requires.

Rules, guidelines and policies cannot stand alone in your MDM governance. You must also be in control of roles and responsibilities to ensure that MDM becomes a lasting focus. You can hear more about this in the next blog post: "Governance - organization, roles and responsibilities".