Establish a Program Data Governance Model

00:00

Welcome to module 2.4 establish a program data governance model.

00:08

In this module

00:09

we will discuss understanding centralization of data governance, understanding decentralization of data governance and understanding potential hybrid solutions.

00:22

Now, when we talk about

00:23

a program

00:25

around data governance

00:27

for for our privacy program,

00:29

it's important to understand that there are benefits and downsides

00:34

to the three most common types whether you have a centralized

00:38

data governance model, a local or decentralized data governance model or a hybrid

00:44

of the of the two,

00:46

regardless of the model chosen should ensure information is controlled distributed to each or two decision makers.

00:53

Centralist, typically one person is in charge, allowing for the direction to flow from a single source.

00:59

So for smaller organizations it may be beneficial to have a centralized

01:04

data governance model to ensure that one individual has the authority to make the decisions and

01:11

uh huh

01:12

disseminate that information ought to internal and external

01:17

stakeholders.

01:19

However, a larger organization

01:21

may determine that a privacy officer or someone who has a C level position have responsibilities and that they would be the ones who would be the central figure. So it really depends on the organization and the culture,

01:34

local or decentralized decisions uh that are made locally

01:40

can't result in having less

01:42

what we would say in the industry, red tape or

01:46

hurdles to overcome.

01:48

And there is a wider span of control at the local level.

01:53

Maybe a global organization needs to have a local presence in certain regions of the world to ensure that privacy regulations that could potentially change or dramatically impact

02:05

how privacy is governed or managed within that area

02:09

is impacted. And and that doesn't take away from the resources that may be required to run the overall global program

02:20

or different areas. So having a local or decentralized program may be necessary. And of course there's the hybrid option which is a combination of centralized and decentralized hybrid is going to be less likely in a smaller organization and more likely in a mid or large organization

02:38

where,

02:40

for example, if there is a large tech organization, they may have a privacy officer or a VP of privacy at their headquarters. However, they have plenty of local presence around the globe to ensure that local decisions are made and that their reaction to those

03:00

types of events related to the privacy program are handled

03:06

uh in a way that reflects the requirements of that region.

03:14

Here's a slide here that I found on the web from Mckinsey. You can see I have my source here and just in general, when it

03:22

when it comes to centralizing or decentralizing uh anything, it's just important to know that when you're looking to centralise, uh there's at least what

03:32

according to Mckinsey would state here that there's a series of Yes, is they need to have 23 questions. Is it mandated to external stakeholders will require it? If so. Must it be done at a group center

03:46

or number two? Does it add significant value to add 10% of the market capitalization or profits of the group? If you're really looking at expenses related to your program, that could be a factor. If not, is it a key part of a larger initiative that would add 10%? Now, those percentages are just examples. Maybe 10% within your organization?

04:05

Wouldn't be a lot. However, for a lot of organizations, a 10% fluctuation is significant. So it could provide some major savings for you too. Centralist.

04:15

Are there a slow, Does it avoid risk of bureaucracy, business rigidity or reduce motivation or distraction? It's another consideration from a culture standpoint of centralization or not centralizing?

04:28

Not that these are going to apply to your organization, but when it comes to creating your data governance of how your program is going to operate, it's important to really work through whether centralization, decentralization or a hybrid model

04:42

is important for your organization.

04:46

Here's a question

04:46

privacy decisions made locally as an example of a blank governance model.

04:51

The answer, of course, is decentralized.

04:57

In this module, we discussed data governance modules