GLOSSARY

Data Governance

Data governance is the set of policies, roles, processes, and controls, as framed by DAMA-DMBOK and DCAM, that make enterprise data trustworthy and compliant.

Quick answer
Data governance is the set of policies, roles, processes, and controls that make data trustworthy, compliant, and fit for use across the organization. It is not a technology but the framework that tells the technology what to enforce. Mature governance produces a classified data catalog, named domain stewards, role-based access policies, lineage tooling, and measurable adoption across teams.

WHAT IT IS

A working data governance program names data owners and stewards, publishes a business glossary of canonical definitions, maintains a data catalog with lineage, defines classification and access tiers (public, internal, confidential, restricted), and encodes legal obligations (GDPR, CPRA, PIPEDA, Quebec's Law 25, HIPAA, and sector-specific rules) into enforceable controls. DAMA-DMBOK and the DCAM framework are the most widely used reference frameworks.

HOW IT WORKS

Governance lives on three layers: policy (what's required), process (who does what when), and platform (catalog, lineage, access, DLP, privacy tooling — Collibra, Alation, Atlan, Informatica, Microsoft Purview). Without all three, policy exists on paper and not in the data.

WHEN TO USE

Stand up or rebuild governance when audits are surfacing surprises, when AI initiatives require traceable training data, or when cross-border data transfers trigger new legal exposure.

Related questions.

What is data governance?
Data governance is the set of policies, roles, processes, and controls that make data trustworthy, compliant, and fit for use across the organization. It is not a technology — it is the framework that tells the technology (catalogs, access tools, lineage platforms) what to enforce.
Who owns data governance?
A Chief Data Officer or equivalent usually owns it, supported by domain data stewards who are accountable for the quality and usage of specific data assets. IT owns the enforcement mechanism; the business owns the data itself. Governance programs where IT is the sole owner fail.
What regulations drive governance decisions?
GDPR in the EU/UK, PIPEDA and Quebec Law 25 in Canada, CCPA/CPRA in California, HIPAA for healthcare in the US, the PDPL family across GCC markets, and sectoral rules (PCI DSS for payments, SOC 2 for B2B SaaS). Cross-border data residency requirements often dominate architecture decisions.
What does a governance program actually produce?
A data catalog with ownership, classifications (PII, confidential, public), lineage, access controls mapped to roles, a quality monitoring layer, and a named process for handling data subject requests, breach response, and retention. Without those artifacts, the program is a policy binder.
How does NUUN Digital stand up governance?
We deliver governance as a phased program: classify the top 20 data assets first, stand up catalog and lineage tooling, write role-based access policies, and measure adoption — not intent. Governance without measurable adoption is theater.