Establish a Program Data Governance Model
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
3 hours 39 minutes
Welcome to module 2.4 establish a program data governance model.
In this module
we will discuss understanding centralization of data governance, understanding decentralization of data governance and understanding potential hybrid solutions.
Now, when we talk about
around data governance
for for our privacy program,
it's important to understand that there are benefits and downsides
to the three most common types whether you have a centralized
data governance model, a local or decentralized data governance model or a hybrid
of the of the two,
regardless of the model chosen should ensure information is controlled distributed to each or two decision makers.
Centralist, typically one person is in charge, allowing for the direction to flow from a single source.
So for smaller organizations it may be beneficial to have a centralized
data governance model to ensure that one individual has the authority to make the decisions and
disseminate that information ought to internal and external
However, a larger organization
may determine that a privacy officer or someone who has a C level position have responsibilities and that they would be the ones who would be the central figure. So it really depends on the organization and the culture,
local or decentralized decisions uh that are made locally
can't result in having less
what we would say in the industry, red tape or
hurdles to overcome.
And there is a wider span of control at the local level.
Maybe a global organization needs to have a local presence in certain regions of the world to ensure that privacy regulations that could potentially change or dramatically impact
how privacy is governed or managed within that area
is impacted. And and that doesn't take away from the resources that may be required to run the overall global program
or different areas. So having a local or decentralized program may be necessary. And of course there's the hybrid option which is a combination of centralized and decentralized hybrid is going to be less likely in a smaller organization and more likely in a mid or large organization
for example, if there is a large tech organization, they may have a privacy officer or a VP of privacy at their headquarters. However, they have plenty of local presence around the globe to ensure that local decisions are made and that their reaction to those
types of events related to the privacy program are handled
uh in a way that reflects the requirements of that region.
Here's a slide here that I found on the web from Mckinsey. You can see I have my source here and just in general, when it
when it comes to centralizing or decentralizing uh anything, it's just important to know that when you're looking to centralise, uh there's at least what
according to Mckinsey would state here that there's a series of Yes, is they need to have 23 questions. Is it mandated to external stakeholders will require it? If so. Must it be done at a group center
or number two? Does it add significant value to add 10% of the market capitalization or profits of the group? If you're really looking at expenses related to your program, that could be a factor. If not, is it a key part of a larger initiative that would add 10%? Now, those percentages are just examples. Maybe 10% within your organization?
Wouldn't be a lot. However, for a lot of organizations, a 10% fluctuation is significant. So it could provide some major savings for you too. Centralist.
Are there a slow, Does it avoid risk of bureaucracy, business rigidity or reduce motivation or distraction? It's another consideration from a culture standpoint of centralization or not centralizing?
Not that these are going to apply to your organization, but when it comes to creating your data governance of how your program is going to operate, it's important to really work through whether centralization, decentralization or a hybrid model
is important for your organization.
Here's a question
privacy decisions made locally as an example of a blank governance model.
The answer, of course, is decentralized.
In this module, we discussed data governance modules
models, excuse me, such as centralized, decentralized and hybrid. We also discussed the benefits and downsides of each model.