What makes a good Data Strategy?

The purpose of a data strategy is to provide the framework and pathway for an organisation to realise the value of utilising data to facilitate delivery of their business objectives.

A data strategy must be tailored to each organisation and be in strategic alignment with their business goals. Such a strategy is founded on a set of principles for good data management, governance, and security. The outcomes of implementing a data strategy are dependent on the workplace and business culture surrounding data and the value placed on it. These principles form the pillars of a data strategy which must be underpinned by a sound data and information operating model which sets out the organisational structure and technology solutions required to deliver the strategy.

The data governance pillar of a data strategy is the framework for defining the ownership and accountability for data in a business. In practice, data governance can be split into three roles: a data owner, a data steward, and a data manager. A data owner is responsible for the creation and implementation of the overall Data Strategy ensuring its alignment with business objectives. As part of the overall strategy, they should set and champion a Data Culture leading from the top as well as being accountable for the long-term goals and results of the business. The data steward is responsible for determining who has access to data, but also is required to have a complete understanding of the data, thereby providing protection as well as expertise, issuing guidance where necessary. Operational management is the control framework for the processes through which  access to the data takes place, ensuring all action taken follows a clear set of data management principles with regard to ensuring data quality. The data manager should therefore monitor and be responsible for the execution of all data quality controls, presenting results of such monitoring in the form of KPIs to the Board or Executive Committee. This results in clear lines of accountability and communication between both arms of the Data Governance pillar, ensuring better quality and accessibility to all members.

Data management is the framework that ensures organisations are able to ingest, store, organise, and secure data effectively and efficiently. This is a vital pillar of the data strategy as it establishes data usage policies and the processes for accessing data, minimising risk or leakage whilst simultaneously building trust and enhancing operational capability. Part of an effective data management framework is a focus on ensuring data is of good quality. This requires data to be accurate, valid, complete, reliable, and relevant. To ensure that data continues to meet this requirement, operational controls need to be implemented to maintain integrity. The collation of accurate, raw data which is analysed and interpreted creates information assets vital to business processes; only through effective and efficient data management can these valuable information assets, vital in aiding organisational decisions, prove trustworthy, and meaningful. In an outsourcing model it is critical that an organisation has the necessary oversight and controls in place to ensure the supplier has appropriate data management processes that maintain the integrity, accuracy and validity of its data to clients. A lack of effective oversight can lead to inaccurate data, potentially inhibiting decision making and causing reputational damage to the client. An organisation should see the outsourcer as an extension of their own business and ensure that the supplier controls and protocols align with any internal principles around the effective management of data.

The prioritisation of data security is integral to the success of any data strategy. Data is an asset and should be treated as such with adequate protection from loss, leakage, or manipulation. Whether firms outsource to an MSP or manage their technology and security operations internally, security and the protection of data is imperative to the whole operation. Firms should operate on the principle of classify, encrypt, and restrict. To ensure data is safeguarded, there should be sufficient controls in place regarding the dissemination of data. When distributing a document, authors should always seek to classify to the “highest restricted” status as a default. Embedding this practice within company culture establishes data awareness, effective safeguards, and the fundamental principle that distributed data does not have to be seen by everyone unless absolutely necessary. Classifying at such levels requires sufficient encryption to protect it. Such encryption needs to be effective both at rest and in the process of transmission to relevant parties. This is vital in ensuring that only those authorised to access data can do so. Through restricting the access of data to users on a need-to-know basis, firms reduce the risk of data loss and manipulation, upholding security principles and strategically aligning with the enablement of business objectives. Furthermore, when considering data security, firms must ensure compliance with the relevant data protection laws in the jurisdiction they operate.

Fundamental to all other principles is the workplace culture surrounding data. Efforts must be made to ensure that all employees recognise the value of data. Leadership must endeavour to integrate this mindset into the whole organisation from the very top. This may be done through educative workshops or training programmes in which the focus is on ensuring accountability for data ownership is understood by all members of the business. Organisations that use third parties to handle their data must strategically align with their partners on their handling of data and establish effective oversight procedures to maximise outcomes. The benefits of reframing the employee relationship with data is that it allows an organisation to realise their business objectives by improving trust and enabling better informed decision making through the improved use of data and information assets.

The foundation upon which the four pillars of a data strategy are built is the organisations data operating model. This is the organisational design and technology required to enable delivery of the strategy. It revolves around three key agents: people, process, and technology that are required to enable the strategy and the outcomes of it. Technology is vital in providing operational controls, data aggregation, and a platform upon which a business can visualise and analyse data and information sets. Processes ensure the effective execution of the controls in place to maintain the integrity, accuracy, and security of data flowing across the organisation. Oversight and execution of this function is the responsibility of data managers who are required to provide scrutiny and uphold the collective responsibility for data across the organisation.

A Data Strategy is fundamental to the success of any organisation in fulfilling its strategic objectives. Organisations should understand the value of the principles set out above and implement them accordingly to facilitate the execution of business functions. At Mirador Solutions, we have prior experience in delivering Data Strategies for clients which is guided by the principles of Management, Governance, Security, and transforming workplace Culture surrounding data.

By Hari Reilly-Singh & Sukesh Mayor