Data Governance and Compliance: Act of Checks & Balances

Compliance is one of the main reasons why companies feel the need to make data governance a priority. It ensures that the data ecosystem complies with the laws and regulations on data collection, management, and use.

Effective data governance guarantees that compliance isn’t an afterthought or purely an IT function, but is inherent to an organization’s data culture and practices. That’s the best way to balance the need for security with data democratization.

Here we explore the correlation between data governance and compliance, starting with a comparison to understand the difference.

Table of contents

1. Data governance vs. data compliance
2. Why is compliance important?
3. Does complying with regulations mean stifling data access?
4. How does data governance balance compliance with democratizing data?
5. Data governance and compliance: Concluding thoughts
6. Data governance and compliance with Atlan
7. Data governance and compliance: Related reads

Governance vs. compliance

Here’s the primary difference when comparing governance vs. compliance — compliance is one of the outcomes of good data governance.

Let’s look at the definitions to understand why.

According to Gartner, data governance is “the specification of decision rights and an accountability framework to ensure the appropriate behavior in the valuation, creation, consumption, and control of data and analytics.”

Data governance is a management approach for data that facilitates its security, availability, integrity, privacy, and use.

Meanwhile, the VP and Chief Global Compliance Officer at New York University, Robert Roach, defines compliance as “the use of systemic approaches for governance. These approaches ensure institutions meet their obligations under the applicable laws, regulations, best practices and standards, and institutional policies. Data compliance helps in promoting transparency and accountability in institutional operations.”

Compliance implies that your data capture, storage, and management practices follow the data-related rules and regulations. These regulations vary depending on geography, industry, and data type.

Some of the most common regulations include:

GDPR

The EU’s General Data Protection Regulation (GDPR) protects the data of European Union residents. It outlines guidelines for securing sensitive personal information.

Under GDPR, companies can be asked for clarifications on their data collection. They can also be asked to delete the data on EU residents and provide comprehensive reports on any data leaks or breaches.

Companies that go against the GDPR data governance regulations can face high penalties of up to €10 million or 2% of the annual revenue from the previous financial year.

CCPA (The California Consumer Privacy Act)

The CCPA protects the privacy rights of California residents. It applies to businesses in California (or ones with 50,000+ customers in California) with gross annual revenue over $25 million. Non-profits and government agencies don’t have to ensure CCPA compliance.

Under the CCPA, California consumers can ask companies to disclose how they collect and use personal information. Failure to comply with the CCPA can attract fines from $2500- $7,500 per violation.

HIPAA

HIPAA (Health Insurance Portability and Accountability Act of 1996) protects patients’ data across the US. According to the act, a patient’s consent is mandatory before disclosing their information.

Failure to comply with HIPAA attracts a fine of $100 - $50,000 depending on the offender’s culpability, with a maximum penalty cap of $1.5 million per calendar year. HIPAA violations can also lead to criminal penalties of up to 5-10 years of imprisonment.

Why is compliance important?

1. Improves brand reputation
2. Keeps businesses from paying hefty fines due to non-compliance
3. Enhances cybersecurity
4. Improves data management

Compliance helps customers know their data is safe, thus building customer confidence, trust, and loyalty. It also helps improve brand reputation, cybersecurity, and data management practices, while avoiding fines for non-compliance. Let’s explore each benefit further.

1. Improves brand reputation

When a business shows transparency through a clear data compliance strategy, it improves customer confidence and brand reputation.

Customers appreciate and respect businesses with high levels of data compliance and transparency in their data governance practices. It helps customers understand how businesses handle their data while respecting their privacy.

That’s why non-compliance doesn’t just lead to fines but also to loss of trust in customers.

A cautionary tale is that of Meta CEO Mark Zuckerberg having to appear before the U.S. Congress because of data breaches and privacy concerns. Zuckerberg had to explain how the company handled user data and how it planned to uphold data privacy in an attempt to salvage his company’s reputation.

2. Keeps businesses from paying hefty fines due to non-compliance

Non-compliance penalties can be high enough to affect your company’s finances. Some of the biggest companies that have paid hefty fines in 2020-2021 include:

• Amazon: Fined €746 million in Luxembourg for its aggressive advertising forces users to accept cookies, thereby violating GDPR laws
• WhatsApp: Fined €225 million by Ireland’s Data Protection Commission (DPC) for lack of transparency in its data processing and privacy practices
• Google: Fined €150 million in France for dropping the site’s tracking cookies without consent
• British Airways: Fined €23 million in the UK for a breach that affected 400,000+ customers
• Marriott International Inc: Fined €21 million in the UK for a breach that leaked the personal data of millions of its customers

Most of these fines are because of non-compliance with major regulations like GDPR or cyberattacks leading to data breaches.

3. Enhances cybersecurity

The Cost of a Data Breach Report by Ponemon Institute highlights that data breaches have cost companies USD 4.24 million, the highest in 17 years. The Identity Theft Resource Center’s 2021 Data Breach Report complements these findings — there has been a 68% rise in data breaches in 2021.

According to the President and CEO of the Identity Theft Resource Center Eva Velasquez:

“We may look back at 2021 as the year when we moved from the era of identity theft to identity fraud. The number of breaches in 2021 was alarming. Many of the cyberattacks committed were highly sophisticated and complex, requiring aggressive defenses to prevent them. If those defenses failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”

The solution lies in adopting a solid data security framework driven by automation, AI, and a zero-trust approach to granting access, according to the Ponemon Institute’s 2021 report.

Compliance with regulations like GDPR requires something similar — all companies must set up data security strategies with protected workflows, end-to-end monitoring, and secure infrastructure. So, compliance can help you tackle cyber threats and minimize the risk of data breaches.

4. Improves data management

Compliance with data regulations ensures that companies document how they collect, store, and use data. The documentation also includes an action plan in the event of a cyberattack or a data breach.

In addition to addressing data compliance issues, proper documentation and planning also enhance the overall data management across the organization.