Data Governance Maturity Assessment
The importance of good Data Governance
Data Governance is the discipline of managing information within your business to help ensure that:
- You can provide confidence to internal and external stakeholders that the management of their data is supported by appropriate processes, technology and capabilities across the data lineage.
- Appropriate controls are in place to protect employee, customer and corporate data through alignment with policy and an effective ownership model.
- Information presented within management reports is accurate and complete through appropriate data quality checks/controls.
Other benefits of enhancing your Data Governance maturity are:
- Cross-department alignment on data processes.
- Enforcing roles and accountability for data management.
- Enabling external data sharing projects.
- Maintaining regulatory compliance.
- Standardising data management and utilisation.
- Reducing inefficiencies and costs for data management.
“Governance – A bank’s risk data aggregation capabilities and risk reporting practices should be subject to strong governance arrangements consistent with other principles and guidance established by the Basel Committee.” BCBS 239 (principle 1)
“technical and organisational measures are the functions, processes, controls, systems, procedures and measures taken to protect and secure the personal information that an organisation processes.” GDPR
We have taken our knowledge of regulations across financial services and beyond to develop an approach to assessing an organisation’s data governance maturity using a defined framework. This approach allows you to take the findings and tailor a strategy that can shape your maturity at a pace that suits you and aligns to your corporate goals.
Our approach has three dimensions:
- We gather an understanding of your data governance procedures and processes (data policy, stewardship, retention, etc.) through a combination of desktop and interview-based reviews.
- We assess each procedure and process against the disciplines of capability, process and technology.
- We classify your level of maturity against the five levels of Data Governance maturity (as noted below).
Data governance maturity levels
In summary, Data Governance is a key focus of many regulators and improving your maturity in this area can deliver significant business benefits. We at Data Risk Solutions Ltd understand the commercial and business value that improvements in Data Governance can deliver and have a sophisticated and efficient approach to helping you to achieve these benefits quickly.
For further information or support – please contact us by email (firstname.lastname@example.org) or phone (0113 8730209) or visit our website https://datarisksolutions.co.uk/
Direct Marketing – Code of Practice
The Information Commissioner’s Office (ICO) issued a draft consultation code of practice in January 2020 regarding Direct Marketing. It demonstrates the direction of travel with regard to marketing activity conducted by any business with individuals or on a business to business basis using the values and principles put in place by the General Data Protection Regulation (GDPR), Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communication Regulation (PECR).
We at Data Risk Solutions found the following points most pertinent:
- The code applies if you process personal data for direct marketing purposes. Direct marketing includes the promotion of aims and ideals as well as advertising goods or services. Any method of communication which is directed to individuals could constitute direct marketing.
- Direct marketing purposes include all processing activities that lead up to, enable or support the sending of direct marketing.
- In most cases it is unlikely that you will be able to make using an individual’s data for direct marketing purposes a condition of your service or buying your product.
- The two lawful bases most likely to be applicable to your direct marketing purposes are consent and legitimate interests. However, if PECR requires consent, then in practice consent will be your lawful basis under the GDPR.
- It provides guidelines on use of consent data when obtained from third-parties.
- The principle of privacy by design and Data Protection Impact Assessments (DPIAs) will help in making sure that any marketing activity is compliant with data protection regulations.
- Market research will not constitute direct marketing if you contact individuals to conduct genuine market research (or you contract a research firm to do so).
- Direct marketing is not limited to the sale of goods and services; it also includes fundraising, campaigning and promotional activities. This means that the activities of not-for-profit organisations such as charities and political parties are covered by the direct marketing rules.
- It gives further guidance on the use of data received from data brokers and specific due diligence expectations on the Data Controller.
- It covers asking existing customers to provide information on their friends and family members for marketing purposes and the difficulties this creates from a consent perspective.
- It makes recommendations on managing marketing lists for business to business direct marketing activity, specifically for communications via email or text.
- Location-based marketing techniques must be transparent and clearly tell people about this type of tracking. These are likely to require consent.
In summary, the use of personal information for marketing purposes is a complex field, but we at Data Risk Solutions Ltd understand the commercial and business value that such information can create. We therefore recommend an appropriate and balanced approach to direct marketing activity and have the expertise to help you achieve this.
For further information or support – please contact us by email (email@example.com) or phone 0113 873 0209.