Tuesday, 24 July 2018 00:09

When Is Your Data Governance Framework ‘Good Enough’ to stand up to GDPR scrutiny?

HSBC strives to adopt the highest standards possible.  We operate in a number of markets in the Asia Pacific Region and the data privacy policies adopted are to a high standard.  HSBC has appointed regional and in some countries data privacy officers as required.  For instance, Hong Kong has a data privacy officer under HKMA. HSBC has adopted a data privacy policy that addresses a number of points already required under GDPR.    The policy also includes requirements across vendor, privacy and legal requirements as well as data sharing.

To address GDPR specifically HSBC created a global programme in the UK to understand requirements and develop a plan to address.  Locally a working group was established across four disciplines – compliance, legal, privacy and data, with the aim to understanding local requirements.

To claim that the data governance framework is good enough, the data governance framework must be taken into consideration with other aspects of managing information and personal data across legal regulatory compliance and privacy.  Also an organisation must be able to demonstrate the policy is followed and not just a document.
How do you capture information on what your stakeholders are actually prioritising in terms of getting data remediated?

We have a number of tools that we leverage.  One is prioritising the data elements within critical processes – we determine the process, the elements required to execute that process and determine those that have a material impact of the process.  HSBC will then implement data measures at critical stages to track quality is within predefined thresholds.  When quality falls short of these thresholds, HSBC has implemented a data quality defect system which is used to record, track and resolve issues.

How do you start delivering an organisation-wide data governance framework?

The data governance framework is obviously made up of policies, people, procedures and tools.   First of all, you need to make people aware within the organisation of their roles and responsibilities.  Policies and strategy must come from top down and be supported by training and robust processes.    Leverage existing processes where possible by strengthening them or expanding to data.  Your organisation will probably already have a number of forums that are responsible for governance, now we’re just making sure that data is on that agenda.

Ensure you have the tools to support people in their roles.

Within HSBC’s policy, there a four broad areas;

1.    Making sure governance is in place
2.    Ensuring the data measurements are carried out
3.    Following data issues management procedures
4.    Understanding and documenting usage – who is capturing it, and for what purposes?
What are the key considerations around implementing policies, standards, and education to ensure that your data quality remains high and compliant?

A key consideration is how does this fit in and help you achieve your business strategy.  Start where there is the most benefit, whether this is for the business or customers. People will then understand why you are doing this and buy in more to the vision. As a result, this clarifies roles, drives priority processes and education rather than an add-on or must do.
How do you keep data governance relevant and engaging for all so it remains high on the agenda?

In Asia/Pacific, executive data governance committees have been established in each of the countries chaired by the country Chief Operating Officer.   Lines of business head are also key members.  The meetings are relevant as they focus on business priority and data quality required to achieve.  It is not focused on data quality or governance as an end to itself.   You keep it relevant and engaging by making it part of their BAU processes and you can demonstrate business benefits.
How do you embed data quality throughout the whole organisation?

The first step is to identify critical processes and by extension critical data elements.  It is not possible to do establish data quality for every element throughout the whole organisation. Establish links to the business strategy, start education, ensure quality controls, whether they are business controls or technical controls, are part of the process.  Establish data quality measurement, reconciliation, issue identification and remediation where controls cannot be established.   Making sure you’ve got the tools, people and the governance in place to ensure that it works.
How can you demonstrate the long-term implications of data quality to those at the business front line?

You make business front line staff lives easier.  Less errors, remove non value add tasks, improved end to end processes and happier customers.  You will demonstrate this through either process or efficiency measures. Our more mature markets have gone from a pure measurement, for example “do I have my address correct”. To looking at how many address changes can I do first time, every time, or how many times do I need to go back to the source of the information to get it clear?

Chris Butler, Chief Data Officer – Asia Pacific International Markets, HSBC (Hong Kong)

Join Chris at the upcoming CDAO Melbourne Conference as he makes his keynote presentation – When Is Your Data Governance Framework ‘Good Enough’? Preparing for GDPR

Read 9436 times


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips




Recent Comments