by Florian Delabie
- Information Security Consultant
Today, more than ever, there is a real and urgent need for companies and organisations to invest in data governance. For security reasons first and foremost, obviously. But also to meet compliance demands, since the EU is putting more and more regulatory pressure on its Common Market. At the end of the day, however, the main thing to keep in mind is that, next to an absolute necessity, data governance also is an asset for value creation.
In my previous blog post, I’ve looked at how the evolving security context strongly impacts the field of data governance. The regulatory context too is evolving, however. And that evolution puts additional pressure on organisations to invest in data governance.
EU promotes data governance
Several new laws that promote and regulate data governance within the European Union are currently being developed or have been adopted already. The recently approved Data Governance Act (DGA), for example, aims to promote the availability of data for reuse across sectors and borders, enabling and guiding the creation of EU-wide common interoperable data spaces in strategic sectors such as energy, mobility, and health. More particularly, it sets up mechanisms to facilitate the reuse of certain categories of protected public-sector data. In this respect, it complements the 2019 Open Data Directive, which does not cover such types of data. In more general terms, the DGA facilitates and fosters data sharing by companies, individuals, and the public sector across the EU, creating the processes and structures for it.
Another such example is the “Regulation on harmonised rules on fair access to and use of data”, also known as the Data Act, which is still under approval as I am writing this. Alongside and complementary to the aforementioned Data Governance Act, this new proposal is a key pillar of the European Data Strategy, which aims to make the EU a leader in today’s data-driven society. In particular, the EU is aiming to create a single market for data where personal and non-personal data are secure, where businesses have easy access to high-quality industrial data, and where rules governing access to and use of data are fair, practical, and clear.
That final objective is where the Data Act comes in, as it clarifies who can create value from data and under which conditions. This new EU regulation envisages rules for enterprises in all economic sectors and applies to both personal and non-personal data. As such, it is consistent with and builds on the GDPR and the ePrivacy Directive (to be replaced by the ePrivacy Regulation).
More benefits: resilience and agility
While new regulations such as these aim to facilitate and foster data sharing, at the same time they also allow organisations to better protect their data. Which has become more than a necessity, as I explained in my previous blog post. Indeed, all through this evolving regulatory context, organisations have started to realise that their data is in effect an important asset that they can use to create value. That’s why they also need to manage and govern it properly, just as they would any other business asset, from property and machinery to human and financial capital.
This requires, among other things, that they put the right people, processes, and tools in place to successfully implement data governance, both on an operational or tactical, and strategic level. As a result, not only will they be able to better protect their data assets, draw value from them and mitigate the risks, but they will also become more resilient in terms of business continuity and more agile towards the new threats and regulations that are sure to keep coming.
Want to find out how Sopra Steria can help you successfully implement data governance? Contact me or my colleagues directly!