Data Governance... who, how, why?

Hey, Data Governance Specialist here 👋

From a DAMA perspective, Data Governance is a core business function, not a subset of Security or Compliance.

Who owns Data Governance

According to DAMA, Data Governance sits at the top of the data management framework and provides direction and oversight for all other data management functions. Ownership typically lies with:

• A Data Office / CDO organization
• Enterprise Information Management
• A cross-functional data governance council representing the business

Security and Compliance are key stakeholders, but not owners. They execute controls based on governance decisions.

Why Data Governance exists

Data Governance ensures:

• Clear data ownership and accountability
• Consistent definitions and business concepts
• Agreed quality standards
• Approved usage rules

Without governance, security and compliance operate in isolation, often enforcing controls on data that is poorly defined or inconsistently owned.

How it is permissioned

DAMA does describe multiple operating models. Centralized, federated, and decentralized models are all valid, depending on organizational maturity and culture. What matters is that:

• Decision rights are clearly defined
• Roles such as data owner, steward, and custodian are formally assigned
• Tools reflect these roles, but authority comes from governance, not technology

Key distinction

• Governance decides who is allowed to decide
• Security decides how data is protected
• Compliance decides how long data is kept and why

If you’re interested in going deeper into this, I strongly recommend the DAMA-DMBOK 2.0, which lays out this operating model in detail.

Also worth noting: DAMA-DMBOK 3.0 is currently in development.